The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-32025 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 | n/a |
CVE-2024-32026 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 | n/a |
CVE-2024-32027 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py`. This vulnerability is fixed in 23.1.5. | -- | Apr 16, 2024 | n/a |
CVE-2024-32028 | OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions, `OpenTelemetry.Instrumentation.Http` writes the `url.full` attribute/tag on spans (`Activity`) when tracing is enabled for outgoing HTTP requests, and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming HTTP requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass through the raw query string as it was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented), which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Apr 15, 2024 | n/a |
CVE-2024-32035 | ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8. | -- | Apr 16, 2024 | n/a |
CVE-2024-32036 | ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8. | -- | Apr 16, 2024 | n/a |
CVE-2024-32038 | Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. | -- | Apr 19, 2024 | n/a |
CVE-2024-32039 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | -- | Apr 17, 2024 | n/a |
CVE-2024-32040 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). | -- | Apr 17, 2024 | n/a |
CVE-2024-32041 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default; set `/bpp` or `/rfx` options instead). | -- | Apr 17, 2024 | n/a |
CVE-2024-32042 | The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. | -- | May 16, 2024 | n/a |
CVE-2024-32046 | Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows an attacker to get information about the server such as the full path where files are stored. | -- | Apr 26, 2024 | n/a |
CVE-2024-32047 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server. | -- | May 16, 2024 | n/a |
CVE-2024-32049 | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | May 8, 2024 | n/a |
CVE-2024-32051 | Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information. | -- | Apr 24, 2024 | n/a |
CVE-2024-32053 | Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application. | -- | May 16, 2024 | n/a |
CVE-2024-32055 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. | -- | May 14, 2024 | n/a |
CVE-2024-32057 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) | -- | May 14, 2024 | n/a |
CVE-2024-32058 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563) | -- | May 14, 2024 | n/a |
CVE-2024-32059 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564) | -- | May 14, 2024 | n/a |
CVE-2024-32060 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565) | -- | May 14, 2024 | n/a |
CVE-2024-32061 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566) | -- | May 14, 2024 | n/a |
CVE-2024-32062 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568) | -- | May 14, 2024 | n/a |
CVE-2024-32063 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573) | -- | May 14, 2024 | n/a |
CVE-2024-32064 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575) | -- | May 14, 2024 | n/a |
CVE-2024-32065 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577) | -- | May 14, 2024 | n/a |
CVE-2024-32066 | A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578) | -- | May 14, 2024 | n/a |
CVE-2024-32077 | Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. | -- | May 14, 2024 | n/a |
CVE-2024-32078 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player. This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | -- | Apr 24, 2024 | n/a |
CVE-2024-32079 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2024.2. | -- | Apr 15, 2024 | n/a |
CVE-2024-32080 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. | -- | Apr 11, 2024 | n/a |
CVE-2024-32082 | Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS). This issue affects Sync Post With Other Site: from n/a through 1.5.1. | -- | Apr 15, 2024 | n/a |
CVE-2024-32083 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. | -- | Apr 11, 2024 | n/a |
CVE-2024-32084 | Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After. This issue affects Before And After: from n/a through 3.9. | -- | Apr 15, 2024 | n/a |
CVE-2024-32085 | Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1. | -- | Apr 15, 2024 | n/a |
CVE-2024-32086 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1. | -- | Apr 16, 2024 | n/a |
CVE-2024-32087 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google. This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7. | -- | Apr 15, 2024 | n/a |
CVE-2024-32088 | Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. | -- | Apr 15, 2024 | n/a |
CVE-2024-32089 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic. This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | -- | Apr 15, 2024 | n/a |
CVE-2024-32090 | Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27. | -- | Apr 15, 2024 | n/a |
CVE-2024-32091 | Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider. This issue affects Sangar Slider: from n/a through 1.3.2. | -- | Apr 15, 2024 | n/a |
CVE-2024-32092 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed. This issue affects Kimili Flash Embed: from n/a through 2.5.3. | -- | Apr 15, 2024 | n/a |
CVE-2024-32093 | Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist. This issue affects Novelist: from n/a through 1.2.2. | -- | Apr 15, 2024 | n/a |
CVE-2024-32094 | Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church Content – Sermons, Events and More. This issue affects Church Content – Sermons, Events and More: from n/a through 2.6. | -- | Apr 15, 2024 | n/a |
CVE-2024-32095 | Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce. This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9. | -- | Apr 15, 2024 | n/a |
CVE-2024-32096 | Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro. This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2. | -- | Apr 15, 2024 | n/a |
CVE-2024-32097 | Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through 4.1. | -- | Apr 15, 2024 | n/a |
CVE-2024-32098 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter. This issue affects Advanced Page Visit Counter: from n/a through 8.0.6. | -- | Apr 15, 2024 | n/a |
CVE-2024-32099 | Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher. This issue affects WP Mail Catcher: from n/a through 2.1.6. | -- | Apr 15, 2024 | n/a |
CVE-2024-32100 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. | -- | May 14, 2024 | n/a |