CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34368 – WordPress Mooberry Book Manager plugin <= 4.15.12 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34368
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Mooberry Dreams Mooberry Book Manager. Este problema afecta a Mooberry Book Manager: desde n/a hasta 4.15.12. The Mooberry Book Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.12 via exported files. This makes it possible for unauthenticated attackers to extract potentially sensitive information from those files. • https://patchstack.com/database/vulnerability/mooberry-book-manager/wordpress-mooberry-book-manager-plugin-4-15-12-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34382 – WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34382
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-18-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34383 – WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34383
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wp-seopress/wordpress-seopress-plugin-7-6-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30302 – ZDI-CAN-23077: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30302
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-34393 – libxmljs2 attrs type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34393
This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs2 es afectada por una vulnerabilidad de confusión de tipos cuando se analiza un XML especialmente manipulado al invocar una función en el resultado de attrs() que se llamó en un nodo analizado. • https://github.com/marudor/libxmljs2/issues/204 https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097 •