
CVE-2024-32982 – Litestar and Starlite affected by Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://notcve.org/view.php?id=CVE-2024-32982
06 May 2024 — Such access can lead to the disclosure of sensitive information or potentially compromise the server. • https://github.com/litestar-org/litestar/blob/main/litestar/static_files/base.py#L70 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-43528 – Buffer Over-read in Audio
https://notcve.org/view.php?id=CVE-2023-43528
06 May 2024 — Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html • CWE-126: Buffer Over-read •

CVE-2023-43527 – Buffer Over-read in Video
https://notcve.org/view.php?id=CVE-2023-43527
06 May 2024 — Information disclosure while parsing dts header atom in Video. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html • CWE-126: Buffer Over-read •

CVE-2024-23193 – OX App Suite 8.21 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2024-23193
06 May 2024 — E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. ... The cache for PDF exports now takes user session information into consideration when performing authorization decisions. ... OX App Suite version 8.21 cross site scripting and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2024/May/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-23188 – OX App Suite 8.21 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2024-23188
06 May 2024 — Attackers could perform malicious API requests or extract information from the user's account. ... We now use safer methods of handling external content when embedding attachment information to the web interface. ... OX App Suite version 8.21 cross site scripting and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2024/May/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-23187 – OX App Suite 8.21 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2024-23187
06 May 2024 — Attackers could perform malicious API requests or extract information from the user's account. ... OX App Suite version 8.21 cross site scripting and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2024/May/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-23186 – OX App Suite 8.21 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2024-23186
06 May 2024 — E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. ... We now use safer methods of handling external content when embedding display-name information to the web interface. ... OX App Suite version 8.21 cross site scripting and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2024/May/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-20058
https://notcve.org/view.php?id=CVE-2024-20058
06 May 2024 — This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2024 • CWE-125: Out-of-bounds Read •

CVE-2024-34388 – WordPress GDPR Compliance plugin <= 1.2.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34388
06 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance. This issue affects GDPR Compliance: from n/a through 1.2.5. ... The GDPR Compliance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.5. • https://patchstack.com/database/vulnerability/gdpr-compliance/wordpress-gdpr-compliance-plugin-1-2-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-26312
https://notcve.org/view.php?id=CVE-2024-26312
06 May 2024 — Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. • https://archerirm.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •