CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37498 – WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability
https://notcve.org/view.php?id=CVE-2024-37498
04 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.33. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en la base de datos Pauple Table & Contact Form 7 – Tablesome. Este problema afecta la base de datos Table & Contact Form 7 – Tablesome: desde n/a hasta 1.0.33. The Tablesome – Responsive Table, Woocommerc... • https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-33-sensitive-data-exposure-via-api-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31223 – Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
https://notcve.org/view.php?id=CVE-2024-31223
03 Jul 2024 — Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that di... • https://github.com/ethyca/fides/commit/0555080541f18a5aacff452c590ac9a1b56d7097 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 20%CPEs: 2EXPL: 0CVE-2024-39891 – Twilio Authy Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-39891
02 Jul 2024 — In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. ... Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. • https://cwe.mitre.org/data/definitions/203.html • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-38476 – Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
https://notcve.org/view.php?id=CVE-2024-38476
01 Jul 2024 — Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. ... Backend applications whose response headers are mali... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36996 – Information Disclosure of user names
https://notcve.org/view.php?id=CVE-2024-36996
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) au... • https://advisory.splunk.com/advisories/SVD-2024-0716 • CWE-204: Observable Response Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2024-21466 – Integer Underflow (Wrap or Wraparound) in WLAN Host Communication
https://notcve.org/view.php?id=CVE-2024-21466
01 Jul 2024 — Information disclosure while parsing sub-IE length during new IE generation. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.1EPSS: 0%CPEs: 30EXPL: 0CVE-2024-21460 – Use of Insufficiently Random Values in Core
https://notcve.org/view.php?id=CVE-2024-21460
01 Jul 2024 — Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 222EXPL: 0CVE-2024-21458 – Buffer Over-read in WLAN HOST
https://notcve.org/view.php?id=CVE-2024-21458
01 Jul 2024 — Information disclosure while handling SA query action frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 222EXPL: 0CVE-2024-21457 – Buffer Over-read in WLAN Host Communication
https://notcve.org/view.php?id=CVE-2024-21457
01 Jul 2024 — INformation disclosure while handling Multi-link IE in beacon frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.4EPSS: 0%CPEs: 43EXPL: 0CVE-2024-21456 – Buffer Over-read in WLAN HOST
https://notcve.org/view.php?id=CVE-2024-21456
01 Jul 2024 — Information Disclosure while parsing beacon frame in STA. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-126: Buffer Over-read •