Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-25 CVE-2024-52535 Link Following vulnerability in Dell products
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component.
network
low complexity
dell CWE-59
8.8
2024-12-25 CVE-2024-52906 IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.
local
low complexity
CWE-362
5.5
2024-12-25 CVE-2024-53291 Unspecified vulnerability in Dell Nativeedge Orchestrator
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability.
network
low complexity
dell
7.5
2024-12-25 CVE-2024-39725 Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2024-12-25 CVE-2024-39727 Unspecified vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site.
network
low complexity
ibm
critical
9.8
2024-12-25 CVE-2024-8950 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automation: before 27.09.2024.
network
low complexity
CWE-89
critical
9.9
2024-12-25 CVE-2024-52046 Deserialization of Untrusted Data vulnerability in Apache Mina
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses.
network
low complexity
apache CWE-502
critical
9.8
2024-12-25 CVE-2024-10862 SQL Injection vulnerability in Basixonline Nex-Forms
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
basixonline CWE-89
4.9
2024-12-25 CVE-2024-11281 The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.
network
low complexity
CWE-862
critical
9.8
2024-12-25 CVE-2024-12335 The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3