CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-5206 – Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn
https://notcve.org/view.php?id=CVE-2024-5206
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. • https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-2624 – Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2624
Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. • https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f https://huntr.com/bounties/39e17897-0e92-4473-91c7-f728322191aa • CWE-29: Path Traversal: '\..\filename' •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35710 – WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35710
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Podlove Podlove Web Player. Este problema afecta a Podlove Web Player: desde n/a hasta 5.7.3. The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they should not have access to. • https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35682 – WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35682
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Themeisle Otter Blocks PRO. Este problema afecta a Otter Blocks PRO: desde n/a hasta 2.6.11. The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/otter-pro/wordpress-otter-blocks-pro-plugin-2-6-11-authenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36307 – Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-36307
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un enlace de agente de seguridad tras una vulnerabilidad en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local revelar información confidencial sobre el agente en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VsApiNT module. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-573 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •