CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-3322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-3322
This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation. • https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189 https://huntr.com/bounties/e0822362-033a-4a71-b1dc-d803f03bd427 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-5206 – Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn
https://notcve.org/view.php?id=CVE-2024-5206
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. ... This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. • https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-2624 – Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2624
Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. • https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f https://huntr.com/bounties/39e17897-0e92-4473-91c7-f728322191aa • CWE-29: Path Traversal: '\..\filename' •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35178 – Jupyter server on Windows discloses Windows user password hash
https://notcve.org/view.php?id=CVE-2024-35178
Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. • https://github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35710 – WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35710
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3. ... This makes it possible for unauthenticated attackers to view information they should not have access to. • https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •