CVE-2024-6560 – Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6560
The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/addonify-quick-view/trunk/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3121821%40addonify-quick-view&new=3121821%40addonify-quick-view&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c38eaab5-157c-43fa-ad67-6f063274ba69?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-40628 – Arbitrary File Read in Ansible Playbooks in Jumpserver
https://notcve.org/view.php?id=CVE-2024-40628
An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-38302
https://notcve.org/view.php?id=CVE-2024-38302
A low-privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000227053/dsa-2024-303-security-update-for-dell-data-lakehouse-system-software-for-multiple-security-vulnerabilities • CWE-311: Missing Encryption of Sensitive Data •
CVE-2024-40633 – Customer data leak via adjustments API endpoint in Sylius
https://notcve.org/view.php?id=CVE-2024-40633
Using these tokens, an attacker can access guest customer order details - sensitive guest customer information. • https://github.com/Sylius/Sylius/security/advisories/GHSA-55rf-8q29-4g43 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-42010 – IBM Sterling B2B Integrator Standard Edition information disclosure
https://notcve.org/view.php?id=CVE-2023-42010
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265507 https://www.ibm.com/support/pages/node/7160433 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •