According to the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.

As far as security goes, the following security issues have been fixed in WordPress 3.5.1.

• Misuse of pingbacks for remote port scanning and a server side request forgery vulnerability which could lead to information exposure and site compromising.
• Two cross-side scrippting issues via shortcodes and post content.
• Another cross-site scripting vulnerability in the Plupload library

The remaining updates and fixes address an assortment of issues of which two have received a high rating. One fixes an issue where link tags are getting stripped from the editor in WordPress 3.5, the other that scheduled posts trigger non-unfiltered html filters. The issue here is that some tags, like embedded video contents, may have been filtered out which broke them from being displayed properly on the site’s frontend.