Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-16 | CVE-2020-36840 | Missing Authorization vulnerability in Motopress Timetable and Event Schedule. The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. | 9.8 |
2024-10-16 | CVE-2020-36842 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpvivid Migration, Backup, Staging. The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. | 8.8 |
2024-10-16 | CVE-2021-4452 | Cross-site Scripting vulnerability in Gtranslate Google Language Translator. The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. | 5.4 |
2024-10-16 | CVE-2023-22649 | Information Exposure Through Log Files vulnerability in Suse Rancher 2.7.0/2.7.1/2.7.4. A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. | 6.5 |
2024-10-16 | CVE-2023-7295 | The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-16 | CVE-2024-45461 | Missing Authorization vulnerability in Apache Cloudstack. The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. | 6.3 |
2024-10-16 | CVE-2024-45462 | Unspecified vulnerability in Apache Cloudstack. The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. | 7.1 |
2024-10-16 | CVE-2024-45693 | Unspecified vulnerability in Apache Cloudstack. Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. | 8.8 |
2024-10-16 | CVE-2024-45710 | Uncontrolled Search Path Element vulnerability in Solarwinds Platform. SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. | 7.8 |
2024-10-16 | CVE-2024-45711 | Path Traversal vulnerability in Solarwinds Serv-U. SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. | 8.8 |