The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-31750 | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | -- | Apr 19, 2024 | n/a |
| CVE-2024-30938 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | -- | Apr 19, 2024 | n/a |
| CVE-2024-29204 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | -- | Apr 19, 2024 | n/a |
| CVE-2024-27984 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | -- | Apr 19, 2024 | n/a |
| CVE-2024-27978 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | -- | Apr 19, 2024 | n/a |
| CVE-2024-27977 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | -- | Apr 19, 2024 | n/a |
| CVE-2024-27976 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-27975 | An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-25000 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24999 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24998 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24997 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24996 | A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24995 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24994 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24993 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24992 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-24991 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23535 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23534 | An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23533 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23532 | An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23531 | An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23530 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23529 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23528 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | -- | Apr 19, 2024 | n/a |
| CVE-2024-23526 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | -- | Apr 19, 2024 | n/a |
| CVE-2024-22061 | A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | -- | Apr 19, 2024 | n/a |
| CVE-2024-3818 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s Social Icons block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Apr 19, 2024 | n/a |
| CVE-2024-3731 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \'s\' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | -- | Apr 19, 2024 | n/a |
| CVE-2024-3615 | The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \'s\' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | -- | Apr 19, 2024 | n/a |
| CVE-2024-3600 | The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page. | -- | Apr 19, 2024 | n/a |
| CVE-2024-3598 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Apr 19, 2024 | n/a |
| CVE-2024-3560 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Apr 19, 2024 | n/a |
| CVE-2024-2410 | -- | Apr 19, 2024 | n/a | |
| CVE-2024-32746 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32745 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32744 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32743 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32689 | Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32686 | Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32604 | Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32603 | Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32602 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32601 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32600 | Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32599 | Improper Control of Generation of Code (\'Code Injection\') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32598 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32597 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32596 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eric-Oliver Mächler DSGVO Youtube allows Stored XSS.This issue affects DSGVO Youtube: from n/a through 1.4.5. | -- | Apr 18, 2024 | n/a |
