The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-33948 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pixel Industry TweetScroll Widget allows Stored XSS.This issue affects TweetScroll Widget: from n/a through 1.3.7. | -- | May 2, 2024 | n/a |
| CVE-2024-33947 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33946 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS.This issue affects WPify Woo Czech: from n/a through 4.0.10. | -- | May 3, 2024 | n/a |
| CVE-2024-33945 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8. | -- | May 3, 2024 | n/a |
| CVE-2024-33944 | Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. | -- | May 2, 2024 | n/a |
| CVE-2024-33943 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS.This issue affects Ultimate Under Construction: from n/a through 1.9.3. | -- | May 3, 2024 | n/a |
| CVE-2024-33942 | Missing Authorization vulnerability in Eric Alli Google Typography.This issue affects Google Typography: from n/a through 1.1.2. | -- | May 14, 2024 | n/a |
| CVE-2024-33941 | Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1. | -- | May 3, 2024 | n/a |
| CVE-2024-33940 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14. | -- | May 3, 2024 | n/a |
| CVE-2024-33938 | Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0. | -- | May 14, 2024 | n/a |
| CVE-2024-33937 | Missing Authorization vulnerability in Nico Martin Progressive WordPress (PWA).This issue affects Progressive WordPress (PWA): from n/a through 2.1.13. | -- | May 3, 2024 | n/a |
| CVE-2024-33936 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.This issue affects Print-O-Matic: from n/a through 2.1.10. | -- | May 3, 2024 | n/a |
| CVE-2024-33935 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33934 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1. | -- | May 3, 2024 | n/a |
| CVE-2024-33932 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33931 | Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3. | -- | May 3, 2024 | n/a |
| CVE-2024-33930 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97. | -- | May 2, 2024 | n/a |
| CVE-2024-33929 | Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6. | -- | May 3, 2024 | n/a |
| CVE-2024-33928 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in CodeBard CodeBard\'s Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard\'s Patron Button and Widgets for Patreon: from n/a through 2.2.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33927 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Team GIPHY Giphypress allows Stored XSS.This issue affects Giphypress: from n/a through 1.6.2. | -- | May 3, 2024 | n/a |
| CVE-2024-33926 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33925 | Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33924 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Realtyna Realtyna Organic IDX plugin allows Reflected XSS.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | -- | May 3, 2024 | n/a |
| CVE-2024-33923 | Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69. | -- | May 3, 2024 | n/a |
| CVE-2024-33922 | Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | -- | May 2, 2024 | n/a |
| CVE-2024-33921 | Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | -- | May 3, 2024 | n/a |
| CVE-2024-33920 | Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3. | -- | May 3, 2024 | n/a |
| CVE-2024-33919 | Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. | -- | May 3, 2024 | n/a |
| CVE-2024-33918 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23. | -- | May 3, 2024 | n/a |
| CVE-2024-33916 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0. | -- | May 3, 2024 | n/a |
| CVE-2024-33915 | Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. | -- | May 3, 2024 | n/a |
| CVE-2024-33914 | Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | -- | May 3, 2024 | n/a |
| CVE-2024-33913 | Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. | -- | May 2, 2024 | n/a |
| CVE-2024-33912 | Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | -- | May 6, 2024 | n/a |
| CVE-2024-33911 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. | -- | May 2, 2024 | n/a |
| CVE-2024-33910 | Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | -- | May 6, 2024 | n/a |
| CVE-2024-33908 | Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | -- | May 7, 2024 | n/a |
| CVE-2024-33907 | Missing Authorization vulnerability in Michael Nelson Print My Blog.This issue affects Print My Blog: from n/a through 3.26.2. | -- | May 7, 2024 | n/a |
| CVE-2024-33905 | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | -- | Apr 29, 2024 | n/a |
| CVE-2024-33904 | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. | -- | Apr 29, 2024 | n/a |
| CVE-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. | -- | Apr 29, 2024 | n/a |
| CVE-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. | -- | Apr 29, 2024 | n/a |
| CVE-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute. | -- | Apr 29, 2024 | n/a |
| CVE-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | -- | Apr 29, 2024 | n/a |
| CVE-2024-33878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | May 14, 2024 | n/a |
| CVE-2024-33877 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. | -- | May 14, 2024 | n/a |
| CVE-2024-33876 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. | -- | May 14, 2024 | n/a |
| CVE-2024-33875 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. | -- | May 14, 2024 | n/a |
| CVE-2024-33874 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. | -- | May 14, 2024 | n/a |
| CVE-2024-33873 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. | -- | May 14, 2024 | n/a |
