Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

193735 entries

ID Description Priority Modified date Fixed Release
CVE-2024-53723 Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS. This issue affects Google Plus Share and +1 Button: from n/a through 1.0. -- Dec 2, 2024 n/a
CVE-2024-53722 Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS. This issue affects Favicon My Blog: from n/a through 1.0.2. -- Dec 2, 2024 n/a
CVE-2024-53721 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS. This issue affects Advanced Event Manager: from n/a through 1.1.6. -- Dec 2, 2024 n/a
CVE-2024-53720 Cross-Site Request Forgery (CSRF) vulnerability in ole1986, MachineITSvcs WP-ISPConfig 3 allows Stored XSS. This issue affects WP-ISPConfig 3: from n/a through 1.5.6. -- Dec 2, 2024 n/a
CVE-2024-53719 Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation allows Stored XSS. This issue affects Zajax – Ajax Navigation: from n/a through 0.4. -- Dec 2, 2024 n/a
CVE-2024-53718 Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS. This issue affects Multi Feed Reader: from n/a through 2.2.4. -- Dec 2, 2024 n/a
CVE-2024-53717 Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS. This issue affects yPHPlista: from n/a through 1.1.1. -- Dec 2, 2024 n/a
CVE-2024-53716 Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS. This issue affects wp auto top: from n/a through 2.9.3. -- Dec 2, 2024 n/a
CVE-2024-53715 Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS. This issue affects Simple Travel Map: from n/a through 0.1. -- Dec 2, 2024 n/a
CVE-2024-53714 Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Continue Shopping From Cart allows Stored XSS. This issue affects Continue Shopping From Cart: from n/a through 1.3. -- Dec 2, 2024 n/a
CVE-2024-53713 Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net Silverlight Video Player allows Stored XSS. This issue affects Silverlight Video Player: from n/a through 1.0. -- Dec 2, 2024 n/a
CVE-2024-53712 Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS. This issue affects Kevin's: from n/a through 2.0.0. -- Dec 2, 2024 n/a
CVE-2024-53711 Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS. This issue affects Hotlink2Watermark: from n/a through 0.3.2. -- Dec 2, 2024 n/a
CVE-2024-53710 Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS. This issue affects ITERAS: from n/a through 1.7.0. -- Dec 2, 2024 n/a
CVE-2024-53709 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdevs Generic Elements allows DOM-Based XSS. This issue affects Generic Elements: from n/a through 1.2.3. -- Dec 2, 2024 n/a
CVE-2024-53708 Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AI Quiz: from n/a through 1.1. -- Dec 2, 2024 n/a
CVE-2024-53707 Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery. This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0. -- Dec 2, 2024 n/a
CVE-2024-53703 A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. -- Dec 5, 2024 n/a
CVE-2024-53702 Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. -- Dec 5, 2024 n/a
CVE-2024-53701 Multiple FCNT Android devices provide the original security features such as privacy mode where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen is unlocked by a user, the provided security features' setting pages may be exposed and/or the settings may be altered, without authentication. For example, specific applications in the device configured to be hidden may be displayed and/or activated. -- Nov 29, 2024 n/a
CVE-2024-53676 A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. -- Nov 27, 2024 n/a
CVE-2024-53675 An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. -- Nov 26, 2024 n/a
CVE-2024-53674 An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. -- Nov 26, 2024 n/a
CVE-2024-53673 A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. -- Nov 26, 2024 n/a
CVE-2024-53672 A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. -- Dec 3, 2024 n/a
CVE-2024-53635 A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter. -- Nov 27, 2024 n/a
CVE-2024-53623 Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. -- Dec 2, 2024 n/a
CVE-2024-53620 A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. -- Nov 26, 2024 n/a
CVE-2024-53619 An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. -- Nov 26, 2024 n/a
CVE-2024-53617 A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. -- Dec 2, 2024 n/a
CVE-2024-53614 A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. -- Dec 4, 2024 n/a
CVE-2024-53605 Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. -- Dec 4, 2024 n/a
CVE-2024-53604 A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. -- Nov 27, 2024 n/a
CVE-2024-53603 A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. -- Nov 27, 2024 n/a
CVE-2024-53599 A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. -- Nov 25, 2024 n/a
CVE-2024-53597 masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. -- Nov 25, 2024 n/a
CVE-2024-53589 GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. -- Dec 5, 2024 n/a
CVE-2024-53566 An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. -- Dec 2, 2024 n/a
CVE-2024-53564 A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences. -- Dec 3, 2024 n/a
CVE-2024-53556 An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. -- Nov 25, 2024 n/a
CVE-2024-53555 A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. -- Nov 26, 2024 n/a
CVE-2024-53554 A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. -- Nov 26, 2024 n/a
CVE-2024-53523 JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. -- Dec 5, 2024 n/a
CVE-2024-53507 A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. -- Dec 2, 2024 n/a
CVE-2024-53506 A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. -- Dec 2, 2024 n/a
CVE-2024-53505 A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. -- Dec 2, 2024 n/a
CVE-2024-53504 A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. -- Dec 2, 2024 n/a
CVE-2024-53502 Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. -- Dec 4, 2024 n/a
CVE-2024-53490 Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. -- Dec 5, 2024 n/a
CVE-2024-53484 Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. -- Dec 3, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.