Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-8555 | Open Redirect vulnerability in Oretnom23 Clinic'S Patient Management System 2.0 A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. | 6.1 |
| 2024-09-07 | CVE-2024-40680 | Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Operator 2.0.26/3.2.4 IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | 5.5 |
| 2024-09-07 | CVE-2024-8554 | Cross-site Scripting vulnerability in Oretnom23 Clinic'S Patient Management System 2.0 A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. | 5.4 |
| 2024-09-07 | CVE-2024-1596 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms File Uploads The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. | 6.1 |
| 2024-09-07 | CVE-2024-6010 | Unspecified vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.1.96. | 5.3 |
| 2024-09-07 | CVE-2024-7112 | SQL Injection vulnerability in Pinpoint Booking System The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-09-07 | CVE-2024-7620 | The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. | 6.6 |
| 2024-09-07 | CVE-2024-6849 | Cross-site Scripting vulnerability in Wp-Brandtheme Preloader Plus The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-07 | CVE-2024-8538 | Path Traversal vulnerability in Infiniteuploads BIG File Uploads The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. | 4.3 |
| 2024-09-06 | CVE-2022-27592 | Unquoted Search Path or Element vulnerability in Qnap QVR Smart Client 2.4.0 An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. | 6.7 |