Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-10024 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
8.8
2024-10-16 CVE-2020-36842 Unrestricted Upload of File with Dangerous Type vulnerability in Wpvivid Migration, Backup, Staging
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted.
network
low complexity
wpvivid CWE-434
8.8
2024-10-16 CVE-2024-45462 Unspecified vulnerability in Apache Cloudstack
The logout operation in the CloudStack web interface does not completely expire the user session, which remains valid until it expires by time or the backend service is restarted.
local
low complexity
apache
7.1
2024-10-16 CVE-2024-45693 Unspecified vulnerability in Apache Cloudstack
Users logged into the Apache CloudStack web interface can be tricked into submitting malicious CSRF requests due to missing validation of the origin of the requests.
network
low complexity
apache
8.8
2024-10-16 CVE-2024-45710 Uncontrolled Search Path Element vulnerability in Solarwinds Platform
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability.
local
low complexity
solarwinds CWE-427
7.8
2024-10-16 CVE-2024-45711 Path Traversal vulnerability in Solarwinds Serv-U
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user.
network
low complexity
solarwinds CWE-22
8.8
2024-10-16 CVE-2012-10018 The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to and including 6.1 and 1.0, respectively.
network
low complexity
CWE-918
8.3
2024-10-16 CVE-2016-15041 The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
7.2
2024-10-16 CVE-2017-20192 The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
8.3
2024-10-16 CVE-2019-25213 Path Traversal vulnerability in Vasyltech Advanced Access Manager
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter.
network
low complexity
vasyltech CWE-22
7.5