CVE-2024-31887 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2024-31887
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287651 https://www.ibm.com/support/pages/node/7148438 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2024-3571 – Path Traversal in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-3571
An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. • https://github.com/langchain-ai/langchain/commit/aad3d8bd47d7f5598156ff2bdcc8f736f24a7412 https://huntr.com/bounties/2df3acdc-ee4f-4257-bbf8-a7de3870a9d8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-1593 – Path Traversal via Parameter Smuggling in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1593
This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise. • https://huntr.com/bounties/dbdc6bd6-d09a-46f2-9d9c-5138a14b6e31 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-29291 – Laravel Framework 11 - Credential Leakage
https://notcve.org/view.php?id=CVE-2024-29291
NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged. • https://www.exploit-db.com/exploits/52000 https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-23561 – HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23561
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure due to insufficient obfuscation of sensitive values. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111926 •