The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of standardized identifiers (CVE IDs) for publicly known vulnerabilities and security exposures. The table below lists recently modified entries; "n/a" in the Fixed Release column means no fixed version was recorded at the time of the last update.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-29765 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS. This issue affects Aparat for WordPress: from n/a through 2.2.0. | -- | Mar 27, 2024 | n/a |
CVE-2024-29764 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS. This issue affects Molongui: from n/a through 4.7.7. | -- | Mar 27, 2024 | n/a |
CVE-2024-29763 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. | -- | Mar 27, 2024 | n/a |
CVE-2024-29762 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1. | -- | Mar 27, 2024 | n/a |
CVE-2024-29761 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS. This issue affects WP Post Disclaimer: from n/a through 1.0.3. | -- | Mar 27, 2024 | n/a |
CVE-2024-29760 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through 7.1.7. | -- | Mar 27, 2024 | n/a |
CVE-2024-29759 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54. | -- | Mar 27, 2024 | n/a |
CVE-2024-29758 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72. | -- | Mar 27, 2024 | n/a |
CVE-2024-29735 | Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler incorrectly set permissions for all parent folders of the log folder, in the default configuration adding write access for the Unix group of those folders. If Airflow is run as the root user (not recommended), it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writable. This issue does not affect users who use or extend Airflow using the official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ), as those images require group write permission to be set anyway. You are affected only if you install Airflow using a local installation / virtualenv or other Docker images, and the issue has no impact if Docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users. You should also not be affected if your umask is 002 (group write enabled), which is the default on many Linux systems. Recommendations for users running Airflow outside of containers: * if you are using root to run Airflow, change your Airflow user to a non-root user * upgrade Apache Airflow to 2.8.4 or above * if you prefer not to upgrade, change the file_task_handler_new_folder_permissions setting ( https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions ) to 0o755 (original value 0o775) * if you already ran Airflow tasks and your default umask is 022 (group write disabled), stop the Airflow components, check the permissions of AIRFLOW_HOME/logs in all your components and of all parent directories of that directory, and remove group write access from all of those parent directories | -- | Mar 26, 2024 | n/a |
CVE-2024-29732 | A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via user parameter. | -- | Mar 21, 2024 | n/a |
CVE-2024-29684 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. | -- | Mar 26, 2024 | n/a |
CVE-2024-29666 | Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. | -- | Mar 26, 2024 | n/a |
CVE-2024-29650 | An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. | -- | Mar 25, 2024 | n/a |
CVE-2024-29644 | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. | -- | Mar 26, 2024 | n/a |
CVE-2024-29515 | File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. | -- | Mar 26, 2024 | n/a |
CVE-2024-29499 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. | -- | Mar 22, 2024 | n/a |
CVE-2024-29489 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. | -- | Mar 28, 2024 | n/a |
CVE-2024-29474 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. | -- | Mar 21, 2024 | n/a |
CVE-2024-29473 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. | -- | Mar 21, 2024 | n/a |
CVE-2024-29472 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. | -- | Mar 21, 2024 | n/a |
CVE-2024-29471 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. | -- | Mar 21, 2024 | n/a |
CVE-2024-29470 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | -- | Mar 21, 2024 | n/a |
CVE-2024-29469 | A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. | -- | Mar 21, 2024 | n/a |
CVE-2024-29442 | An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | -- | Mar 26, 2024 | n/a |
CVE-2024-29440 | An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | -- | Mar 26, 2024 | n/a |
CVE-2024-29419 | There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. | -- | Mar 20, 2024 | n/a |
CVE-2024-29401 | xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. | -- | Mar 26, 2024 | n/a |
CVE-2024-29385 | DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. | -- | Mar 22, 2024 | n/a |
CVE-2024-29374 | A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the GET /?lang= URL parameter. | -- | Mar 21, 2024 | n/a |
CVE-2024-29366 | A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. | -- | Mar 22, 2024 | n/a |
CVE-2024-29338 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. | -- | Mar 22, 2024 | n/a |
CVE-2024-29316 | NodeBB 3.6.7 is vulnerable to Incorrect Access Control. | -- | Mar 28, 2024 | n/a |
CVE-2024-29303 | The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection | -- | Mar 26, 2024 | n/a |
CVE-2024-29302 | SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php. | -- | Mar 26, 2024 | n/a |
CVE-2024-29301 | SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id= | -- | Mar 26, 2024 | n/a |
CVE-2024-29275 | SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. | -- | Mar 22, 2024 | n/a |
CVE-2024-29273 | There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | -- | Mar 22, 2024 | n/a |
CVE-2024-29272 | Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. | -- | Mar 22, 2024 | n/a |
CVE-2024-29271 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | -- | Mar 22, 2024 | n/a |
CVE-2024-29244 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. | -- | Mar 21, 2024 | n/a |
CVE-2024-29243 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. | -- | Mar 21, 2024 | n/a |
CVE-2024-29241 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29240 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29239 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29238 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29237 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29236 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29235 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29234 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
CVE-2024-29233 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | -- | Mar 28, 2024 | n/a |
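The CVE-2024-29735 entry above asks non-container Airflow users to inspect AIRFLOW_HOME/logs and every directory above it and strip group write access. The script below is an added example, not Airflow project code, that performs that audit: it walks from a log directory up to the filesystem root, reports each directory whose mode carries the group-write bit (the 0o775 the vulnerable handler applied), and clears that bit on request. The `airflow/logs/dag_id/run_id` tree it builds in a temporary directory is constructed for the demo, and the `stop_at` parameter is this example's own addition so the demo does not report or touch system directories.

```python
"""Audit and repair group-write bits on the directory chain above an Airflow log folder.

Added example (not Airflow project code) for the CVE-2024-29735 remediation:
find every ancestor of the log directory that is group-writable and chmod g-w it.
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def parent_chain(log_dir: str) -> List[Path]:
    """Return the resolved log_dir followed by every ancestor up to '/', nearest first."""
    p = Path(log_dir).resolve()
    return [p, *p.parents]


def group_writable_dirs(log_dir: str, stop_at: Optional[str] = None) -> List[Path]:
    """Directories in the chain whose mode has S_IWGRP set.

    stop_at: optional ancestor at which to stop (exclusive). Leave it None on a real
    audit so the walk reaches '/', which is where a root-run Airflow left its marks.
    """
    stop = Path(stop_at).resolve() if stop_at else None
    found: List[Path] = []
    for d in parent_chain(log_dir):
        if stop is not None and d == stop:
            break
        mode = d.stat().st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWGRP:
            found.append(d)
    return found


def remove_group_write(dirs: List[Path]) -> Dict[str, int]:
    """chmod g-w each directory; return path -> permission bits after the change."""
    result: Dict[str, int] = {}
    for d in dirs:
        mode = stat.S_IMODE(os.stat(d).st_mode)
        os.chmod(d, mode & ~stat.S_IWGRP)
        result[str(d)] = stat.S_IMODE(os.stat(d).st_mode)
    return result


def build_demo_tree(root: str) -> str:
    """Constructed demo tree: <root>/airflow/logs/dag_id/run_id, each directory
    below root chmod'ed to 0o775 as the vulnerable handler did (root itself untouched)."""
    log_dir = os.path.join(root, "airflow", "logs", "dag_id", "run_id")
    os.makedirs(log_dir)
    root_resolved = Path(root).resolve()
    for d in parent_chain(log_dir):
        if d == root_resolved:
            break
        os.chmod(d, 0o775)
    return log_dir


def demo() -> Tuple[List[str], Dict[str, int], List[str]]:
    """Build the demo tree in a temp dir, audit it, fix it, and audit again."""
    with tempfile.TemporaryDirectory() as root:
        log_dir = build_demo_tree(root)
        before = [p.name for p in group_writable_dirs(log_dir, stop_at=root)]
        fixed = remove_group_write(group_writable_dirs(log_dir, stop_at=root))
        after = [p.name for p in group_writable_dirs(log_dir, stop_at=root)]
    return before, fixed, after


if __name__ == "__main__":
    before, fixed, after = demo()
    print("group-writable before fix:", before)
    print("modes after chmod g-w:", {k: oct(v) for k, v in fixed.items()})
    print("group-writable after fix:", after)
```

Against a real install, call `group_writable_dirs(os.path.join(os.environ["AIRFLOW_HOME"], "logs"))` with `stop_at` left as None and review the list before passing it to `remove_group_write`: an ancestor such as a shared project directory may be group-writable on purpose, and the advisory notes that systems with a default umask of 002 have group write everywhere by design and are not affected. Run the audit with the Airflow components stopped, as the advisory recommends, so a running task handler does not re-apply the bits.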