The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-25389 | RT-Thread through 5.0.2 generates random numbers with a weak algorithm of seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF; in calc_random in drivers/misc/rt_random.c. | -- | Mar 27, 2024 |
| CVE-2024-25390 | A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. | -- | Mar 27, 2024 |
| CVE-2024-25391 | A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. | -- | Mar 27, 2024 |
| CVE-2024-25392 | An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | -- | Mar 27, 2024 |
| CVE-2024-25393 | A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. | -- | Mar 27, 2024 |
| CVE-2024-25394 | A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing \'\\0\' character. | -- | Mar 27, 2024 |
| CVE-2024-25395 | A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | -- | Mar 27, 2024 |
| CVE-2024-25398 | In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service. | -- | Feb 28, 2024 |
| CVE-2024-25399 | Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php. | -- | Feb 28, 2024 |
| CVE-2024-25400 | Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. | -- | Feb 28, 2024 |
| CVE-2024-25407 | SteVe v3.6.0 was discovered to use predictable transaction ID\'s when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID\'s to terminate other transactions. | -- | Feb 13, 2024 |
| CVE-2024-25410 | flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. | -- | Feb 26, 2024 |
| CVE-2024-25413 | A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. | -- | Feb 16, 2024 |
| CVE-2024-25414 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | -- | Feb 16, 2024 |
| CVE-2024-25415 | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | -- | Feb 16, 2024 |
| CVE-2024-25417 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | -- | Feb 12, 2024 |
| CVE-2024-25418 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | -- | Feb 12, 2024 |
| CVE-2024-25419 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | -- | Feb 12, 2024 |
| CVE-2024-25420 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. | -- | Mar 26, 2024 |
| CVE-2024-25421 | An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. | -- | Mar 26, 2024 |
| CVE-2024-25422 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. | -- | Feb 29, 2024 |
| CVE-2024-25423 | An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file. | -- | Feb 22, 2024 |
| CVE-2024-25428 | SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. | -- | Feb 20, 2024 |
| CVE-2024-25434 | A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. | -- | Mar 4, 2024 |
| CVE-2024-25435 | A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. | -- | Feb 29, 2024 |
| CVE-2024-25436 | A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | -- | Mar 4, 2024 |
| CVE-2024-25438 | A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | -- | Mar 4, 2024 |
| CVE-2024-25442 | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | -- | Feb 20, 2024 |
| CVE-2024-25443 | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | -- | Feb 20, 2024 |
| CVE-2024-25445 | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | -- | Feb 20, 2024 |
| CVE-2024-25446 | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | -- | Feb 20, 2024 |
| CVE-2024-25447 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | -- | Feb 15, 2024 |
| CVE-2024-25448 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | -- | Feb 15, 2024 |
| CVE-2024-25450 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | -- | Feb 15, 2024 |
| CVE-2024-25451 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | -- | Feb 12, 2024 |
| CVE-2024-25452 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | -- | Feb 12, 2024 |
| CVE-2024-25453 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | -- | Feb 12, 2024 |
| CVE-2024-25454 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | -- | Feb 12, 2024 |
| CVE-2024-25458 | An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. | -- | May 1, 2024 |
| CVE-2024-25461 | Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. | -- | Feb 22, 2024 |
| CVE-2024-25466 | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. | -- | Feb 16, 2024 |
| CVE-2024-25468 | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | -- | Feb 20, 2024 |
| CVE-2024-25469 | SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. | -- | Feb 26, 2024 |
| CVE-2024-25501 | An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. | -- | Mar 11, 2024 |
| CVE-2024-25502 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | -- | Feb 16, 2024 |
| CVE-2024-25503 | Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function. | -- | Apr 4, 2024 |
| CVE-2024-25506 | Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. | -- | Mar 28, 2024 |
| CVE-2024-25507 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | -- | May 7, 2024 |
| CVE-2024-25508 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | -- | May 7, 2024 |
| CVE-2024-25509 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | -- | May 7, 2024 |
