| 2024-10-16 | CVE-2020-36837 | The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. network low complexity CWE-862 critical | 9.9 |
| 2024-10-16 | CVE-2021-4443 | The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. network low complexity CWE-434 critical | 9.8 |
| 2024-10-16 | CVE-2021-4448 | Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. | 9.8 |
| 2024-10-16 | CVE-2021-4449 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalzoomstudio Zoomsounds
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. | 9.8 |
| 2024-10-16 | CVE-2024-9105 | The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. network low complexity CWE-288 critical | 9.8 |
| 2024-10-15 | CVE-2024-9486 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. | 9.8 |
| 2024-10-15 | CVE-2024-21172 | Unspecified vulnerability in Oracle Hospitality Opera 5 5.6.19.19/5.6.25.8/5.6.26.4
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). network high complexity oracle critical | 9.0 |
| 2024-10-15 | CVE-2024-21216 | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). network low complexity oracle critical | 9.8 |
| 2024-10-15 | CVE-2024-9986 | SQL Injection vulnerability in Fabianros Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-45275 | The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | 9.8 |