CVE-2024-5059 – WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-5059
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking. This issue affects Event Management Tickets Booking: from n/a through 1.4.0. ... The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. • https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-4-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-21685
https://notcve.org/view.php?id=CVE-2024-21685
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. • https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211 https://jira.atlassian.com/browse/JRASERVER-77713 •
CVE-2024-37896 – SQL injection vulnerability in Gin-vue-admin
https://notcve.org/view.php?id=CVE-2024-37896
This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. • https://github.com/flipped-aurora/gin-vue-admin/commit/53d03382188868464ade489ab0713b54392d227f https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gf3r-h744-mqgp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-31870 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31870
This can be used by a malicious actor to gather information about users that can be targeted in further attacks. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287174 https://www.ibm.com/support/pages/node/7157638 • CWE-204: Observable Response Discrepancy •
CVE-2024-27179 – Session disclosure inside the log files
https://notcve.org/view.php?id=CVE-2024-27179
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-1295: Debug Messages Revealing Unnecessary Information •