| 2024-10-16 | CVE-2024-9105 | The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. network low complexity CWE-288 critical | 9.8 |
| 2024-10-16 | CVE-2024-9634 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. network low complexity CWE-502 critical | 9.8 |
| 2024-10-15 | CVE-2024-9486 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. | 9.8 |
| 2024-10-15 | CVE-2024-21172 | Unspecified vulnerability in Oracle Hospitality Opera 5 5.6.19.19/5.6.25.8/5.6.26.4
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). network high complexity oracle critical | 9.0 |
| 2024-10-15 | CVE-2024-21216 | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). network low complexity oracle critical | 9.8 |
| 2024-10-15 | CVE-2024-9986 | SQL Injection vulnerability in Fabianros Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-45274 | Missing Authentication for Critical Function vulnerability in multiple products
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | 9.8 |
| 2024-10-15 | CVE-2024-45275 | Use of Hard-coded Credentials vulnerability in multiple products
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | 9.8 |
| 2024-10-15 | CVE-2024-49388 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16
Sensitive information manipulation due to improper authorization. | 9.1 |
| 2024-10-15 | CVE-2024-9976 | SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. | 9.8 |