|
1991
|
- |
|
-
|
-
|
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2024-47978
|
2024-12-26 00:15 |
2024-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1992
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1
could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.
|
CWE-20
Improper Input Validation
|
CVE-2024-47102
|
2024-12-26 00:15 |
2024-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1993
|
- |
|
-
|
-
|
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be a…
|
CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
|
CVE-2023-5117
|
2024-12-26 00:15 |
2024-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1994
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remot…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-51464
|
2024-12-26 00:15 |
2024-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1995
|
6.1 |
MEDIUM
Network
|
-
|
-
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expo…
|
CWE-1022
Use of Web Link to Untrusted Target with window.opener Access
|
CVE-2024-39727
|
2024-12-25 23:15 |
2024-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1996
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-39725
|
2024-12-25 23:15 |
2024-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1997
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automat…
|
CWE-89
SQL Injection
|
CVE-2024-8950
|
2024-12-25 22:15 |
2024-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1998
|
- |
|
-
|
-
|
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process
incoming serialized data but lacks the necessary security checks and defenses. This vulnerability …
|
-
|
CVE-2024-52046
|
2024-12-25 20:15 |
2024-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1999
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcod…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12335
|
2024-12-25 16:15 |
2024-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2000
|
9.8 |
CRITICAL
Network
-
|
-
|
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id'…
|
CWE-862
Missing Authorization
|
CVE-2024-11281
|
2024-12-25 16:15 |
2024-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
