5.5
CVE-2024-47102 - IBM AIX denial of service
IBM AIXΒ 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.
3.7
CVE-2023-5117 - Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.
7.1
CVE-2024-52535 -
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, β¦
6.1
CVE-2024-39727 - IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3Β uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victimsβ web browser.
5.3
CVE-2024-39725 - IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
9.9
CVE-2024-8950 - SQLi in Arne Informatics' Piramit Automation
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automation: before 27.09.2024.
10
CVE-2024-52046 - Apache MINA: MINA applications using unbounded deserialization may allow RCE
The ObjectSerializationDecoder in Apache MINA uses Javaβs native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious seriaβ¦
4.9
CVE-2024-10862 - NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection
The NEX-Forms β Ultimate Form Builder β Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on thβ¦
4.3
CVE-2024-12335 - Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for auβ¦
9.8
CVE-2024-11281 - WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Aβ¦
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary uβ¦