1861
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.
|
CWE-20
Improper Input Validation
|
CVE-2024-47102
|
2024-12-26 00:15 |
2024-12-26 |
|
1862
|
- |
|
-
|
-
|
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be a…
|
CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
|
CVE-2023-5117
|
2024-12-26 00:15 |
2024-12-26 |
|
1863
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remot…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-51464
|
2024-12-26 00:15 |
2024-12-21 |
|
1864
|
6.1 |
MEDIUM
Network
|
-
|
-
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expo…
|
CWE-1022
Use of Web Link to Untrusted Target with window.opener Access
|
CVE-2024-39727
|
2024-12-25 23:15 |
2024-12-25 |
|
1865
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-39725
|
2024-12-25 23:15 |
2024-12-25 |
|
1866
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automat…
|
CWE-89
SQL Injection
|
CVE-2024-8950
|
2024-12-25 22:15 |
2024-12-25 |
|
1867
|
- |
|
-
|
-
|
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability …
|
-
|
CVE-2024-52046
|
2024-12-25 20:15 |
2024-12-25 |
|
1868
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcod…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12335
|
2024-12-25 16:15 |
2024-12-25 |
|
1869
|
9.8 |
CRITICAL
Network
-
|
-
|
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id'…
|
CWE-862
Missing Authorization
|
CVE-2024-11281
|
2024-12-25 16:15 |
2024-12-25 |
|
1870
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 …
|
CWE-89
SQL Injection
|
CVE-2024-10862
|
2024-12-25 16:15 |
2024-12-25 |
|