CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4319 – Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4319
10 Jun 2024 — The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms. El complemento Advanced Contact form 7 DB para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función 'vsz_cf7_export_to_excel' en... • https://plugins.trac.wordpress.org/browser/advanced-cf7-db/trunk/admin/class-advanced-cf7-db-admin.php#L1459 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39179 – Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39179
10 Jun 2024 — An attacker can leverage this to disclose sensitive information on affected installations of Linux. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-39179 • CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39176 – Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39176
10 Jun 2024 — An attacker can leverage this to disclose sensitive information on affected installations of Linux. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-39176 • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4458 – Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-4458
10 Jun 2024 — An attacker can leverage this to disclose sensitive information on affected installations of Linux. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-4458 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31878 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31878
07 Jun 2024 — This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 • CWE-203: Observable Discrepancy •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5328 – SSRF Vulnerability in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-5328
06 Jun 2024 — This could lead to the disclosure of sensitive information, service disruption, or further attacks against the network infrastructure. • https://huntr.com/bounties/80b09757-d9a0-44d1-932f-2461fc8fec69 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3429 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-3429
06 Jun 2024 — Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. • https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-3322
06 Jun 2024 — This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation. • https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5206 – Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn
https://notcve.org/view.php?id=CVE-2024-5206
06 Jun 2024 — A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. ... This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. • https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2624 – Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2624
06 Jun 2024 — Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. • https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f • CWE-29: Path Traversal: '\..\filename' •