The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-44033 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7. | -- | Oct 6, 2024 | n/a |
CVE-2024-44034 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2. | -- | Oct 5, 2024 | n/a |
CVE-2024-44035 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7. | -- | Oct 6, 2024 | n/a |
CVE-2024-44036 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0. | -- | Oct 6, 2024 | n/a |
CVE-2024-44037 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2. | -- | Oct 6, 2024 | n/a |
CVE-2024-44038 | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | -- | Nov 1, 2024 | n/a |
CVE-2024-44039 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1. | -- | Oct 6, 2024 | n/a |
CVE-2024-44040 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64. | -- | Oct 6, 2024 | n/a |
CVE-2024-44041 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66. | -- | Oct 6, 2024 | n/a |
CVE-2024-44042 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1. | -- | Oct 6, 2024 | n/a |
CVE-2024-44043 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. | -- | Oct 6, 2024 | n/a |
CVE-2024-44045 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5. | -- | Oct 6, 2024 | n/a |
CVE-2024-44046 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS. This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1. | -- | Oct 6, 2024 | n/a |
CVE-2024-44047 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.2. | -- | Sep 17, 2024 | n/a |
CVE-2024-44048 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. | -- | Sep 23, 2024 | n/a |
CVE-2024-44049 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS. This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7. | -- | Sep 17, 2024 | n/a |
CVE-2024-44050 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS. This issue affects Verbosa: from n/a through 1.2.3. | -- | Sep 17, 2024 | n/a |
CVE-2024-44051 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. | -- | Sep 17, 2024 | n/a |
CVE-2024-44052 | Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HelloAsso: from n/a through 1.1.10. | -- | Nov 1, 2024 | n/a |
CVE-2024-44053 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8. | -- | Sep 16, 2024 | n/a |
CVE-2024-44054 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8. | -- | Sep 16, 2024 | n/a |
CVE-2024-44056 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS. This issue affects Mantra: from n/a through 3.3.2. | -- | Sep 16, 2024 | n/a |
CVE-2024-44057 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS. This issue affects Nirvana: from n/a through 1.6.3. | -- | Sep 16, 2024 | n/a |
CVE-2024-44058 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS. This issue affects Parabola: from n/a through 2.4.1. | -- | Sep 16, 2024 | n/a |
CVE-2024-44059 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS. This issue affects Custom Query Blocks: from n/a through 5.3.1. | -- | Sep 16, 2024 | n/a |
CVE-2024-44060 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS. This issue affects Filmix: from n/a through 1.1. | -- | Sep 16, 2024 | n/a |
CVE-2024-44061 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS). This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14. | -- | Oct 21, 2024 | n/a |
CVE-2024-44062 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5. | -- | Sep 16, 2024 | n/a |
CVE-2024-44063 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0. | -- | Sep 16, 2024 | n/a |
CVE-2024-44064 | Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54. | -- | Sep 17, 2024 | n/a |
CVE-2024-44067 | The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite. | -- | Aug 20, 2024 | n/a |
CVE-2024-44068 | An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation. | -- | Oct 10, 2024 | n/a |
CVE-2024-44069 | Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does not consider the bug a security issue but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear. | -- | Aug 19, 2024 | n/a |
CVE-2024-44070 | An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | -- | Aug 19, 2024 | n/a |
CVE-2024-44072 | OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed. | -- | Sep 10, 2024 | n/a |
CVE-2024-44073 | The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. | -- | Aug 19, 2024 | n/a |
CVE-2024-44076 | In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | -- | Aug 19, 2024 | n/a |
CVE-2024-44080 | In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format. | -- | Oct 29, 2024 | n/a |
CVE-2024-44081 | In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format. | -- | Oct 29, 2024 | n/a |
CVE-2024-44082 | In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. | -- | Sep 6, 2024 | n/a |
CVE-2024-44083 | ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue. | -- | Aug 19, 2024 | n/a |
CVE-2024-44085 | ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | -- | Sep 10, 2024 | n/a |
CVE-2024-44087 | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification. | -- | Sep 10, 2024 | n/a |
CVE-2024-44092 | In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Sep 16, 2024 | n/a |
CVE-2024-44093 | In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Sep 16, 2024 | n/a |
CVE-2024-44094 | In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Sep 16, 2024 | n/a |
CVE-2024-44095 | In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Sep 16, 2024 | n/a |
CVE-2024-44096 | there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | -- | Sep 16, 2024 | n/a |
CVE-2024-44097 | According to the researcher: The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server. | -- | Oct 4, 2024 | n/a |
CVE-2024-44098 | In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Oct 25, 2024 | n/a |