Skip to main content

CWE-1038

Insecure Automated Optimizations

6 CVEs Avg CVSS 6.2 MITRE
1
CRITICAL
1
HIGH
4
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-48877 CRITICAL PATCH Act Now

Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed) contain a critical vulnerability where Codepen is included in the default `allowed_iframes` site setting and can auto-execute arbitrary JavaScript within the iframe scope, enabling unauthenticated remote code execution. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to all default Discourse installations and should be prioritized for immediate patching.

RCE Discourse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-52971 MEDIUM PATCH This Month

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-52970 MEDIUM PATCH This Month

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-52969 MEDIUM PATCH This Month

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2022-31220 MEDIUM This Month

Dell BIOS versions contain an Unchecked Return Value vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-26861 HIGH This Week

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware M15 R6 Firmware Chengming 3980 Firmware Chengming 3988 Firmware +396
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed) contain a critical vulnerability where Codepen is included in the default `allowed_iframes` site setting and can auto-execute arbitrary JavaScript within the iframe scope, enabling unauthenticated remote code execution. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to all default Discourse installations and should be prioritized for immediate patching.

RCE Discourse
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Dell BIOS versions contain an Unchecked Return Value vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Chengming 3900 Firmware +24
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware M15 R6 Firmware +398
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy