NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Because vulnerability information in the NVD is often updated before JVN (Japan Vulnerability Note), this list may include vulnerabilities that are not listed in JVN.

If a vulnerability has related information in JVN (Japan Vulnerability Note), that information is displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.


Update Date: April 29, 2024, 8:06 p.m.

No | CVSS | Level | Attack Vector | Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search
1 9.4 CRITICAL
Network
- - Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 b… New CWE-732
 Incorrect Permission Assignment for Critical Resource
CVE-2024-3375 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
2 - -
- - Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0. New CWE-862
 Missing Authorization
CVE-2024-33684 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
3 - -
- - Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. New - CVE-2024-33636 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
4 - -
- - Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. New CWE-862
 Missing Authorization
CVE-2024-33635 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
5 - -
- - Missing Authorization vulnerability in ProFaceOff SSU.This issue affects SSU: from n/a through 1.5.0. New CWE-862
 Missing Authorization
CVE-2024-33597 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
6 - -
- - Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. New CWE-862
 Missing Authorization
CVE-2024-33596 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
7 - -
- - Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. New CWE-862
 Missing Authorization
CVE-2024-33558 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
8 - -
- - Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to … New CWE-256
Plaintext Storage of a Password 
CVE-2024-28961 2024-04-29 18:15 2024-04-29 Show GitHub Exploit DB Packet Storm
9 - -
- - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.6. Update CWE-601
Open Redirect
CVE-2024-32129 2024-04-29 18:15 2024-04-15 Show GitHub Exploit DB Packet Storm
10 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a throug… Update CWE-352
 Origin Validation Error
CVE-2024-32109 2024-04-29 18:15 2024-04-11 Show GitHub Exploit DB Packet Storm
11 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. Update CWE-89
SQL Injection
CVE-2024-27956 2024-04-29 18:15 2024-03-22 Show GitHub Exploit DB Packet Storm
12 8.8 HIGH
Network
saas disabler Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3. Update CWE-352
 Origin Validation Error
CVE-2023-37998 2024-04-29 18:15 2023-10-3 Show GitHub Exploit DB Packet Storm
13 5.4 MEDIUM
Network
rescuethemes rescue_shortcodes Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a … Update CWE-79
Cross-site Scripting
CVE-2023-41728 2024-04-29 18:15 2023-10-2 Show GitHub Exploit DB Packet Storm
14 6.1 MEDIUM
Network
incsub forminator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder allows Stored XSS.This iss… Update CWE-79
Cross-site Scripting
CVE-2021-36821 2024-04-29 18:15 2023-03-17 Show GitHub Exploit DB Packet Storm
15 8.2 HIGH
Network
cusmin absolutely_glamorous_custom_admin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS.This issue a… Update CWE-79
Cross-site Scripting
CVE-2021-36823 2024-04-29 18:15 2021-09-24 Show GitHub Exploit DB Packet Storm
16 - -
- - Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1. New CWE-862
 Missing Authorization
CVE-2024-33652 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
17 - -
- - Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. New CWE-502
 Deserialization of Untrusted Data
CVE-2024-33641 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
18 - -
- - Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1. New CWE-532
 Inclusion of Sensitive Information in Log Files
CVE-2024-33637 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
19 - -
- - Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. New CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2024-33634 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
20 - -
- - Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0. New CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2024-33629 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
21 - -
- - Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. New - CVE-2024-33627 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
22 - -
- - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. New CWE-601
Open Redirect
CVE-2024-33584 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
23 - -
- - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. New CWE-200
Information Exposure
CVE-2024-33575 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
24 - -
- - Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. New CWE-862
 Missing Authorization
CVE-2024-33566 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
25 - -
- - Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. New CWE-502
 Deserialization of Untrusted Data
CVE-2024-33553 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
26 - -
- - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from… New CWE-200
Information Exposure
CVE-2024-33538 2024-04-29 17:15 2024-04-29 Show GitHub Exploit DB Packet Storm
27 - -
- - A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects unknown code of the file /mailcleaner.php/getStats of the component SOAP Servic… New - CVE-2024-3196 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
28 - -
- - A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal.… New CWE-22
Path Traversal
CVE-2024-3195 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
29 - -
- - A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation lead… New CWE-79
Cross-site Scripting
CVE-2024-3194 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
30 - -
- - A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulatio… New CWE-78
OS Command 
CVE-2024-3193 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
31 - -
- - A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation leads to cross site… New CWE-79
Cross-site Scripting
CVE-2024-3192 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
32 - -
- - A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to… New CWE-78
OS Command 
CVE-2024-3191 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
33 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. New CWE-89
SQL Injection
CVE-2024-33546 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
34 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. New CWE-89
SQL Injection
CVE-2024-33544 2024-04-29 16:15 2024-04-29 Show GitHub Exploit DB Packet Storm
35 - -
- - A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate inst… Update CWE-400
 Uncontrolled Resource Consumption
CVE-2024-1300 2024-04-29 16:15 2024-04-2 Show GitHub Exploit DB Packet Storm
36 - -
- - A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to differe… Update - CVE-2024-1023 2024-04-29 16:15 2024-03-27 Show GitHub Exploit DB Packet Storm
37 8.8 HIGH
Network
- - ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully l… New CWE-287
Improper Authentication
CVE-2024-4303 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
38 6.1 MEDIUM
Network
- - Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipie… New - CVE-2024-4302 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
39 - -
- - In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. New - CVE-2024-33905 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
40 - -
- - In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary … New - CVE-2024-33904 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
41 - -
- - Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Ve… New CWE-862
 Missing Authorization
CVE-2024-33686 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
42 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3. New CWE-352
 Origin Validation Error
CVE-2024-33681 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
43 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. New CWE-352
 Origin Validation Error
CVE-2024-33632 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
44 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For … New - CVE-2024-33631 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
45 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elem… New CWE-79
Cross-site Scripting
CVE-2024-33630 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
46 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a … New CWE-79
Cross-site Scripting
CVE-2024-33571 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
47 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5. New CWE-79
Cross-site Scripting
CVE-2024-33562 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
48 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. New CWE-89
SQL Injection
CVE-2024-33559 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
49 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5. New CWE-79
Cross-site Scripting
CVE-2024-33554 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm
50 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5. New CWE-89
SQL Injection
CVE-2024-33551 2024-04-29 15:15 2024-04-29 Show GitHub Exploit DB Packet Storm