The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-31552 | CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information. | -- | Apr 19, 2024 | n/a |
| CVE-2024-31574 | Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script | -- | Apr 25, 2024 | n/a |
| CVE-2024-31576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Apr 15, 2024 | n/a |
| CVE-2024-31578 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31580 | PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31581 | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31582 | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31583 | Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31584 | Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. | -- | Apr 22, 2024 | n/a |
| CVE-2024-31585 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31587 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. | -- | Apr 19, 2024 | n/a |
| CVE-2024-31601 | An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component. | -- | Apr 29, 2024 | n/a |
| CVE-2024-31609 | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | -- | Apr 25, 2024 | n/a |
| CVE-2024-31610 | File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. | -- | Apr 25, 2024 | n/a |
| CVE-2024-31615 | ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | -- | Apr 25, 2024 | n/a |
| CVE-2024-31616 | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. | -- | Apr 23, 2024 | n/a |
| CVE-2024-31621 | An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | -- | Apr 29, 2024 | n/a |
| CVE-2024-31634 | Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \\XunRuiCMS\\dayrui\\Fcms\\Library. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31648 | Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31649 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31650 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31651 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31652 | A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31666 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. | -- | Apr 22, 2024 | n/a |
| CVE-2024-31678 | Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the password parameter in the login.php file. | -- | Apr 11, 2024 | n/a |
| CVE-2024-31680 | File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31705 | An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. | -- | Apr 29, 2024 | n/a |
| CVE-2024-31741 | Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. | -- | Apr 29, 2024 | n/a |
| CVE-2024-31744 | In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. | -- | Apr 11, 2024 | n/a |
| CVE-2024-31745 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2002. Reason: This candidate is a duplicate of CVE-2024-2002. Notes: All CVE users should reference CVE-2024-2002 instead of this candidate. | -- | Apr 19, 2024 | n/a |
| CVE-2024-31747 | An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option. | -- | Apr 29, 2024 | n/a |
| CVE-2024-31750 | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | -- | Apr 19, 2024 | n/a |
| CVE-2024-31755 | cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. | -- | Apr 26, 2024 | n/a |
| CVE-2024-31759 | An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31760 | An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31783 | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31784 | An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. | -- | Apr 16, 2024 | n/a |
| CVE-2024-31801 | Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request. | -- | Apr 29, 2024 | n/a |
| CVE-2024-31804 | An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. | -- | Apr 23, 2024 | n/a |
| CVE-2024-31805 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31806 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31807 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31808 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31809 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31811 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31812 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31813 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31814 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31815 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | -- | Apr 8, 2024 | n/a |
| CVE-2024-31816 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. | -- | Apr 8, 2024 | n/a |
