Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2021-4448 | Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1 The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. | 9.8 |
| 2024-10-16 | CVE-2021-4449 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalzoomstudio Zoomsounds The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. | 9.8 |
| 2024-10-16 | CVE-2024-9105 | The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. | 9.8 |
| 2024-10-15 | CVE-2024-9486 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. | 9.8 |
| 2024-10-15 | CVE-2024-21172 | Unspecified vulnerability in Oracle Hospitality Opera 5 5.6.19.19/5.6.25.8/5.6.26.4 Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). | 9.0 |
| 2024-10-15 | CVE-2024-21216 | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
| 2024-10-15 | CVE-2024-9986 | SQL Injection vulnerability in Fabianros Blood Bank Management System 1.0 A vulnerability was found in code-projects Blood Bank Management System 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-45275 | The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | 9.8 |
| 2024-10-15 | CVE-2024-49388 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16 Sensitive information manipulation due to improper authorization. | 9.1 |
| 2024-10-15 | CVE-2024-9976 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0 A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. | 9.8 |