6.1

CVSS3.1

CVE-2024-12004 - WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scrip…

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note() function. This makes it possible for unauthenticated attackers to in…

πŸ“… Published: Dec. 11, 2024, 8:57 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-53292 -

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed cred…

πŸ“… Published: Dec. 11, 2024, 7:55 a.m. πŸ”„ Last Modified: Feb. 4, 2025, 4:16 p.m.

7.8

CVSS3.1

CVE-2024-53289 -

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

πŸ“… Published: Dec. 11, 2024, 7:40 a.m. πŸ”„ Last Modified: Feb. 4, 2025, 4:13 p.m.

8.4

CVSS3.1

CVE-2024-53290 -

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution

πŸ“… Published: Dec. 11, 2024, 7:34 a.m. πŸ”„ Last Modified: Feb. 4, 2025, 4:14 p.m.

6.3

CVSS3.1

CVE-2024-52537 -

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

πŸ“… Published: Dec. 11, 2024, 7:26 a.m. πŸ”„ Last Modified: Feb. 4, 2025, 4:13 p.m.

2.5

CVSS3.1

CVE-2023-37395 - IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

πŸ“… Published: Dec. 11, 2024, 2:49 a.m. πŸ”„ Last Modified: Jan. 7, 2025, 9:10 p.m.

4.4

CVSS3.1

CVE-2024-35117 - IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

πŸ“… Published: Dec. 11, 2024, 1:32 a.m. πŸ”„ Last Modified: Jan. 27, 2025, 3:52 p.m.

8.8

CVSS3.1

CVE-2024-55587 -

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.

πŸ“… Published: Dec. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.4

CVSS3.1

CVE-2024-11053 - netrc and redirect credential leak

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname bu…

πŸ“… Published: Dec. 11, 2024, midnight πŸ”„ Last Modified: Nov. 3, 2025, 9:16 p.m.

9

CVSS3.1

CVE-2024-55884 -

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-tr…

πŸ“… Published: Dec. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 346671
Page 7275 of 34,668
Β« previous page Β» next page
Filters