CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1287 – Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure and SQLi
https://notcve.org/view.php?id=CVE-2024-1287
This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data, including password hashes. • https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c • CWE-202: Exposure of Sensitive Information Through Data Queries CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-27363
https://notcve.org/view.php?id=CVE-2024-27363
A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to a Information disclosure. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27363 •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38372 – Undici vulnerable to data leak when using response.arrayBuffer()
https://notcve.org/view.php?id=CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2. Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Dependiendo de las condiciones de la red y del proceso de una solicitud `fetch()`, `response.arrayBuffer()` podría incluir parte de la memoria del proceso Node.js. • https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 https://github.com/nodejs/undici/issues/3328 https://github.com/nodejs/undici/issues/3337 https://github.com/nodejs/undici/pull/3338 https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23562 – HCL Domino is susceptible to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23562
This vulnerability is being re-assessed. Vulnerability details will be updated. The security bulletin will be republished when further details are available. Una vulnerabilidad de seguridad en HCL Domino podría permitir la divulgación de información de configuración confidencial. Un atacante remoto no autenticado podría aprovechar esta vulnerabilidad para obtener información y lanzar más ataques contra el sistema afectado. A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-4341 – Information Disclosure in ExtremePacs's Extreme XDS
https://notcve.org/view.php?id=CVE-2024-4341
Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. • https://www.usom.gov.tr/bildirim/tr-24-0893 • CWE-269: Improper Privilege Management •