The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-25925 | Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25915 | Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2. | -- | Feb 23, 2024 | n/a |
| CVE-2024-25913 | Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25909 | Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25770 | libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25768 | OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25767 | nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25763 | openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25760 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25751 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25730 | Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a Hitron substring, resulting in insufficient entropy (only about one million possibilities). | -- | Feb 26, 2024 | n/a |
| CVE-2024-25629 | c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist. | -- | Feb 23, 2024 | n/a |
| CVE-2024-25469 | SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25410 | flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25344 | Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25248 | SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25247 | SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters. | -- | Feb 26, 2024 | n/a |
| CVE-2024-25166 | Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. | -- | Feb 27, 2024 | n/a |
| CVE-2024-24784 | The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. | -- | Feb 25, 2024 | n/a |
| CVE-2024-24721 | An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel | -- | Feb 27, 2024 | n/a |
| CVE-2024-24720 | An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker. | -- | Feb 27, 2024 | n/a |
| CVE-2024-24714 | Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24681 | An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers\' installations. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24564 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24402 | An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24401 | SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24310 | In the module Generate barcode on invoice / delivery slip (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24309 | In the module Survey TMA (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction. | -- | Feb 26, 2024 | n/a |
| CVE-2024-24100 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID. | -- | Feb 27, 2024 | n/a |
| CVE-2024-24099 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update. | -- | Feb 27, 2024 | n/a |
| CVE-2024-24096 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN. | -- | Feb 27, 2024 | n/a |
| CVE-2024-24095 | Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection. | -- | Feb 27, 2024 | n/a |
| CVE-2024-23605 | A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | -- | Feb 26, 2024 | n/a |
| CVE-2024-23496 | A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | -- | Feb 26, 2024 | n/a |
| CVE-2024-23320 | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn\'t fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | -- | Feb 23, 2024 | n/a |
| CVE-2024-22988 | An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. | -- | Feb 26, 2024 | n/a |
| CVE-2024-22917 | SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script. | -- | Feb 27, 2024 | n/a |
| CVE-2024-22873 | Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request. | -- | Feb 26, 2024 | n/a |
| CVE-2024-22776 | Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. | -- | Feb 23, 2024 | n/a |
| CVE-2024-22544 | An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. | -- | Feb 27, 2024 | n/a |
| CVE-2024-22543 | An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. | -- | Feb 27, 2024 | n/a |
| CVE-2024-22395 | Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user\'s MFA mobile application. | -- | Feb 26, 2024 | n/a |
| CVE-2024-22371 | Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | -- | Feb 26, 2024 | n/a |
| CVE-2024-22243 | Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. | -- | Feb 23, 2024 | n/a |
| CVE-2024-22201 | Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. | -- | Feb 26, 2024 | n/a |
| CVE-2024-21836 | A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | -- | Feb 26, 2024 | n/a |
| CVE-2024-21825 | A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | -- | Feb 26, 2024 | n/a |
| CVE-2024-21802 | A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | -- | Feb 26, 2024 | n/a |
| CVE-2024-21502 | Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable\'s actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability. | -- | Feb 26, 2024 | n/a |
