
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role from using some of its shortcode's functionalities to leak arbitrary options from the database. ... The Kadence Blocks Pro plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.3.7 via the kb-dynamic shortcode. • https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 • https://www.zerodayinitiative.com/advisories/ZDI-24-573 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO. This issue affects Otter Blocks PRO: from n/a through 2.6.11. ... The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. • https://patchstack.com/database/vulnerability/otter-pro/wordpress-otter-blocks-pro-plugin-2-6-11-authenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. • https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.6 • EPSS: 0% • CPEs: 10 • EXPL: 0

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor