Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 231145 entries
IDDescriptionPriorityModified date
CVE-2024-38701 Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. -- Jul 22, 2024
CVE-2024-38698 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0. -- Jul 22, 2024
CVE-2024-38697 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6. -- Jul 22, 2024
CVE-2024-38696 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows Reflected XSS.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.8.8. -- Jul 22, 2024
CVE-2024-38694 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Moloni allows Reflected XSS.This issue affects Moloni: from n/a through 4.7.4. -- Jul 22, 2024
CVE-2024-38692 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11. -- Jul 22, 2024
CVE-2024-38689 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Garrett Grimm Simple Popup allows Stored XSS.This issue affects Simple Popup: from n/a through 4.4. -- Jul 22, 2024
CVE-2024-38687 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Techfyd Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.5. -- Jul 22, 2024
CVE-2024-38686 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Pluginic FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor allows Stored XSS.This issue affects FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor: from n/a through 5.3.1. -- Jul 22, 2024
CVE-2024-38685 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in SubscriptionPro WP Announcement allows Stored XSS.This issue affects WP Announcement: from n/a through 2.0.8. -- Jul 22, 2024
CVE-2024-38684 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in FunnelKit SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) allows Stored XSS.This issue affects SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels): from n/a through 1.4.1. -- Jul 22, 2024
CVE-2024-38683 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5. -- Jul 22, 2024
CVE-2024-38682 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Techeshta Post Layouts for Gutenberg allows Stored XSS.This issue affects Post Layouts for Gutenberg: from n/a through 1.2.7. -- Jul 22, 2024
CVE-2024-38681 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41. -- Jul 22, 2024
CVE-2024-38680 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Appmaker Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps allows Reflected XSS.This issue affects Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps: from n/a through 1.36.12. -- Jul 22, 2024
CVE-2024-38679 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0. -- Jul 22, 2024
CVE-2024-38678 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8. -- Jul 22, 2024
CVE-2024-38677 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Reviews.Co.Uk REVIEWS.Io allows Stored XSS.This issue affects REVIEWS.Io: from n/a through 1.2.7. -- Jul 22, 2024
CVE-2024-38676 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13. -- Jul 22, 2024
CVE-2024-38675 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.22.1. -- Jul 22, 2024
CVE-2024-38674 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 2.1. -- Jul 22, 2024
CVE-2024-38673 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Obtain Infotech Multisite Content Copier/Updater allows Reflected XSS.This issue affects Multisite Content Copier/Updater: from n/a through 1.5.0. -- Jul 22, 2024
CVE-2024-38672 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in namithjawahar AdPush allows Reflected XSS.This issue affects AdPush: from n/a through 1.50. -- Jul 22, 2024
CVE-2024-38671 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Martin Gibson WP GoToWebinar allows Stored XSS.This issue affects WP GoToWebinar: from n/a through 15.7. -- Jul 22, 2024
CVE-2024-38670 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3. -- Jul 22, 2024
CVE-2024-38669 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in a3rev Software WooCommerce Predictive Search allows Reflected XSS.This issue affects WooCommerce Predictive Search: from n/a through 6.0.1. -- Jul 22, 2024
CVE-2024-38503 When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. -- Jul 22, 2024
CVE-2024-38438 D-Link - CWE-294: Authentication Bypass by Capture-replay -- Jul 22, 2024
CVE-2024-38437 D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel -- Jul 22, 2024
CVE-2024-38436 Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') -- Jul 22, 2024
CVE-2024-38435 Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service -- Jul 22, 2024
CVE-2024-38434 Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass -- Jul 22, 2024
CVE-2024-38176 An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. -- Jul 23, 2024
CVE-2024-38164 An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. -- Jul 23, 2024
CVE-2024-37998 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. -- Jul 22, 2024
CVE-2024-37961 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12. -- Jul 22, 2024
CVE-2024-37960 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0. -- Jul 22, 2024
CVE-2024-37959 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7. -- Jul 22, 2024
CVE-2024-37958 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4. -- Jul 22, 2024
CVE-2024-37957 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in bradmax Bradmax Player allows Stored XSS.This issue affects Bradmax Player: from n/a through 1.1.27. -- Jul 22, 2024
CVE-2024-37956 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.98.1.0. -- Jul 22, 2024
CVE-2024-37955 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3. -- Jul 22, 2024
CVE-2024-37954 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5. -- Jul 22, 2024
CVE-2024-37953 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS.This issue affects MBE eShip: from n/a through 2.1.2. -- Jul 22, 2024
CVE-2024-37951 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38. -- Jul 22, 2024
CVE-2024-37950 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3. -- Jul 22, 2024
CVE-2024-37949 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in CyberChimps Responsive Mobile allows Stored XSS.This issue affects Responsive Mobile: from n/a through 1.15.1. -- Jul 22, 2024
CVE-2024-37948 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1. -- Jul 22, 2024
CVE-2024-37947 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2. -- Jul 22, 2024
CVE-2024-37946 Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5. -- Jul 22, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online