The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-22476 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. | -- | May 16, 2024 | n/a |
| CVE-2024-22477 | A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only. | -- | Jul 9, 2024 | n/a |
| CVE-2024-22490 | Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. | -- | Jan 23, 2024 | n/a |
| CVE-2024-22491 | A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. | -- | Jan 16, 2024 | n/a |
| CVE-2024-22492 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | -- | Jan 12, 2024 | n/a |
| CVE-2024-22493 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. | -- | Jan 12, 2024 | n/a |
| CVE-2024-22494 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | -- | Jan 12, 2024 | n/a |
| CVE-2024-22496 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | -- | Jan 23, 2024 | n/a |
| CVE-2024-22497 | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | -- | Jan 23, 2024 | n/a |
| CVE-2024-22513 | djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. | -- | Mar 17, 2024 | n/a |
| CVE-2024-22514 | An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | -- | Feb 7, 2024 | n/a |
| CVE-2024-22515 | Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | -- | Feb 7, 2024 | n/a |
| CVE-2024-22519 | An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | -- | Feb 7, 2024 | n/a |
| CVE-2024-22520 | An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. | -- | Feb 7, 2024 | n/a |
| CVE-2024-22523 | Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component. | -- | Jan 30, 2024 | n/a |
| CVE-2024-22524 | dnspod-sr 0dfbd37 is vulnerable to buffer overflow. | -- | Jun 6, 2024 | n/a |
| CVE-2024-22525 | dnspod-sr 0dfbd37 contains a SEGV. | -- | Jun 6, 2024 | n/a |
| CVE-2024-22526 | Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. | -- | Apr 12, 2024 | n/a |
| CVE-2024-22529 | TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | -- | Jan 25, 2024 | n/a |
| CVE-2024-22532 | Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. | -- | Feb 29, 2024 | n/a |
| CVE-2024-22533 | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | -- | Feb 2, 2024 | n/a |
| CVE-2024-22543 | An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. | -- | Feb 27, 2024 | n/a |
| CVE-2024-22544 | An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. | -- | Feb 27, 2024 | n/a |
| CVE-2024-22545 | An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. | -- | Jan 26, 2024 | n/a |
| CVE-2024-22546 | TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. | -- | Apr 30, 2024 | n/a |
| CVE-2024-22547 | WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). | -- | Feb 23, 2024 | n/a |
| CVE-2024-22548 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | -- | Jan 18, 2024 | n/a |
| CVE-2024-22549 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | -- | Jan 18, 2024 | n/a |
| CVE-2024-22550 | An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | -- | Jan 26, 2024 | n/a |
| CVE-2024-22551 | WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | -- | Jan 26, 2024 | n/a |
| CVE-2024-22559 | LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. | -- | Jan 29, 2024 | n/a |
| CVE-2024-22562 | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | -- | Jan 19, 2024 | n/a |
| CVE-2024-22563 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | -- | Jan 19, 2024 | n/a |
| CVE-2024-22567 | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | -- | Feb 6, 2024 | n/a |
| CVE-2024-22568 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. | -- | Jan 18, 2024 | n/a |
| CVE-2024-22569 | Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | -- | Jan 31, 2024 | n/a |
| CVE-2024-22570 | A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | -- | Jan 30, 2024 | n/a |
| CVE-2024-22588 | Kwik commit 745fd4e2 does not discard unused encryption keys. | -- | May 24, 2024 | n/a |
| CVE-2024-22590 | The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established. | -- | May 28, 2024 | n/a |
| CVE-2024-22591 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. | -- | Jan 18, 2024 | n/a |
| CVE-2024-22592 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update | -- | Jan 18, 2024 | n/a |
| CVE-2024-22593 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | -- | Jan 18, 2024 | n/a |
| CVE-2024-22601 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save | -- | Jan 18, 2024 | n/a |
| CVE-2024-22603 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | -- | Jan 18, 2024 | n/a |
| CVE-2024-22625 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=. | -- | Jan 16, 2024 | n/a |
| CVE-2024-22626 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=. | -- | Jan 16, 2024 | n/a |
| CVE-2024-22627 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. | -- | Jan 16, 2024 | n/a |
| CVE-2024-22628 | Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= | -- | Jan 16, 2024 | n/a |
| CVE-2024-22632 | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request. | -- | Apr 26, 2024 | n/a |
| CVE-2024-22633 | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. | -- | Apr 26, 2024 | n/a |
