CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31887 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2024-31887
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287651 https://www.ibm.com/support/pages/node/7148438 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-3571 – Path Traversal in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-3571
An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. • https://github.com/langchain-ai/langchain/commit/aad3d8bd47d7f5598156ff2bdcc8f736f24a7412 https://huntr.com/bounties/2df3acdc-ee4f-4257-bbf8-a7de3870a9d8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-1593 – Path Traversal via Parameter Smuggling in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1593
Successful exploitation could lead to unauthorized information disclosure or server compromise. • https://huntr.com/bounties/dbdc6bd6-d09a-46f2-9d9c-5138a14b6e31 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23561 – HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23561
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111926 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32036 – SixLabors.ImageSharp vulnerable to data leakage
https://notcve.org/view.php?id=CVE-2024-32036
A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. • https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68 https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •