CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38372 – Undici vulnerable to data leak when using response.arrayBuffer()
https://notcve.org/view.php?id=CVE-2024-38372
08 Jul 2024 — Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2. Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Dependiendo de las condiciones de la red y del proceso de una solicitud `fetch()`, `response.arrayBuffer()` podría incluir parte de la memoria del proceso Node.js. • https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23562 – HCL Domino is susceptible to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23562
08 Jul 2024 — A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4341 – Information Disclosure in ExtremePacs's Extreme XDS
https://notcve.org/view.php?id=CVE-2024-4341
08 Jul 2024 — Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. • https://www.usom.gov.tr/bildirim/tr-24-0893 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3228 – Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3228
08 Jul 2024 — The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail= • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39182
https://notcve.org/view.php?id=CVE-2024-39182
05 Jul 2024 — An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779). • https://ispmanager.com/changelog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37504 – WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37504
04 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6. ... The FileBird Document Library plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6 due to insufficient user access checking. • https://patchstack.com/database/vulnerability/filebird-document-library/wordpress-filebird-document-library-plugin-2-0-6-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37498 – WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability
https://notcve.org/view.php?id=CVE-2024-37498
04 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.33. ... The Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.33 due to insufficient capability... • https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-33-sensitive-data-exposure-via-api-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31223 – Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
https://notcve.org/view.php?id=CVE-2024-31223
03 Jul 2024 — This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. • https://github.com/ethyca/fides/commit/0555080541f18a5aacff452c590ac9a1b56d7097 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 20%CPEs: 2EXPL: 0CVE-2024-39891 – Twilio Authy Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-39891
02 Jul 2024 — Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. ... Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. • https://cwe.mitre.org/data/definitions/203.html • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-38476 – Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
https://notcve.org/view.php?id=CVE-2024-38476
01 Jul 2024 — Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. ... Backend applications whose response headers are mali... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •