The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-30981 | SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30982 | SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30983 | SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30985 | SQL Injection vulnerability in B/W Dates Reports page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via todate and fromdate parameters. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30986 | Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via price and sname parameter. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30987 | Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30988 | Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30989 | Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the cname, comname, state and city parameter. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30990 | SQL Injection vulnerability in the Invoices page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via searchdata parameter. | -- | Apr 17, 2024 | n/a |
| CVE-2024-30998 | SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31002 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. | -- | Apr 2, 2024 | n/a |
| CVE-2024-31003 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | -- | Apr 2, 2024 | n/a |
| CVE-2024-31004 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment. | -- | Apr 2, 2024 | n/a |
| CVE-2024-31005 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment | -- | Apr 2, 2024 | n/a |
| CVE-2024-31008 | An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31009 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31010 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31011 | Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31012 | An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31013 | Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. | -- | Apr 3, 2024 | n/a |
| CVE-2024-31022 | An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. | -- | Apr 8, 2024 | n/a |
| CVE-2024-31025 | SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component. | -- | Apr 4, 2024 | n/a |
| CVE-2024-31031 | An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31032 | An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31033 | JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the ignores behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31036 | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | -- | Apr 23, 2024 | n/a |
| CVE-2024-31040 | Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31041 | Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. | -- | Apr 17, 2024 | n/a |
| CVE-2024-31047 | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. | -- | Apr 9, 2024 | n/a |
| CVE-2024-31061 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31062 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31063 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31064 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31065 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | -- | Mar 28, 2024 | n/a |
| CVE-2024-31069 | IO-1020 Micro ELD web server uses a default password for authentication. | -- | Apr 15, 2024 | n/a |
| CVE-2024-31077 | Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition. | -- | Apr 23, 2024 | n/a |
| CVE-2024-31078 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. | -- | May 7, 2024 | n/a |
| CVE-2024-31080 | A heap-based buffer over-read vulnerability was found in the X.org server\'s ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\'s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | -- | Apr 4, 2024 | n/a |
| CVE-2024-31081 | A heap-based buffer over-read vulnerability was found in the X.org server\'s ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\'s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | -- | Apr 4, 2024 | n/a |
| CVE-2024-31082 | A heap-based buffer over-read vulnerability was found in the X.org server\'s ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\'s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | -- | Apr 4, 2024 | n/a |
| CVE-2024-31083 | A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request. | -- | Apr 5, 2024 | n/a |
| CVE-2024-31084 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through 3.19. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31085 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31086 | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0. | -- | Apr 15, 2024 | n/a |
| CVE-2024-31087 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Joel Starnes pageMash > Page Management allows Reflected XSS.This issue affects pageMash > Page Management: from n/a through 1.3.0. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31089 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS.This issue affects Platinum SEO: from n/a through 2.4.0. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31090 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ???? Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31091 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS.This issue affects Custom Field Bulk Editor: from n/a through 1.9.1. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31092 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS.This issue affects Comic Easel: from n/a through 1.15. | -- | Apr 1, 2024 | n/a |
| CVE-2024-31093 | Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS).This issue affects Broken Images: from n/a through 0.2. | -- | Apr 15, 2024 | n/a |
