CVE-2024-6565 – AForms <= 2.2.6 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6565
The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
• https://plugins.trac.wordpress.org/browser/aforms-form-builder-for-price-calculator-cost-estimation/trunk/vendor/aura/payload-interface/phpunit.php
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3118052%40aforms-form-builder-for-price-calculator-cost-estimation&new=3118052%40aforms-form-builder-for-price-calculator-cost-estimation&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/702261eb-4f85-4388-9f82-75476640e8ed?source=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-40630 – HEIF Heap OOB Read in OpenImageIO
https://notcve.org/view.php?id=CVE-2024-40630
In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs.
• https://github.com/AcademySoftwareFoundation/OpenImageIO/blob/7c486a1121a4bf71d50ff555fab2770294b748d7/src/heif.imageio/heifinput.cpp#L250
• https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/0a2dcb4cf2c3fd4825a146cd3ad929d9d8305ce3
• https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jjm9-9m4m-c8p2
• CWE-125: Out-of-bounds Read
CVE-2024-39826 – Zoom Workplace Apps and SDKs - Path traversal
https://notcve.org/view.php?id=CVE-2024-39826
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.
• https://www.zoom.com/en/trust/security-bulletin/zsb-24023
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-6557 – SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6557
The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
• https://plugins.trac.wordpress.org/browser/wp-scheduled-posts/trunk/vendor/wpdevelopers/pinterest-api-php/demo/boot.php
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117736%40wp-scheduled-posts&new=3117736%40wp-scheduled-posts&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b?source=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6398
https://notcve.org/view.php?id=CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. ... Any information disclosed depends on how the customers have customized the block pages.
• https://thrive.trellix.com/s/article/000013694
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor