
CVE-2024-8487 – CORS Vulnerability in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8487
20 Mar 2025 — This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. • https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067 • CWE-346: Origin Validation Error

CVE-2024-12869 – Improper Authentication in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12869
20 Mar 2025 — This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. • https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a • CWE-287: Improper Authentication

CVE-2024-9447 – Exposure of Sensitive Information in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9447
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. ... This could lead to unauthorized access to services and significant data breaches or financial loss. • https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd • CWE-1230: Exposure of Sensitive Information Through Metadata

CVE-2024-10264 – HTTP Request Smuggling in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-10264
20 Mar 2025 — This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. • https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2024-6827 – HTTP Request Smuggling in benoitc/gunicorn
https://notcve.org/view.php?id=CVE-2024-6827
20 Mar 2025 — This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse. ... This vulnerability allows request smuggling, leading to cache poisoning, data exposure, session manipulation, Server-side request forgery (SSRF), Cross-site scripting (XSS), denial of service (DoS), data integrity compromise, security bypass, and information leakage via imp... • https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2024-9362 – Directory Traversal in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9362
20 Mar 2025 — This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. • https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-10267 – Information Disclosure in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-10267
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. • https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

CVE-2024-11449 – Server-Side Request Forgery in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-11449
20 Mar 2025 — This flaw can lead to unauthorized network access, sensitive data exposure, and further exploitation within the network. • https://huntr.com/bounties/e96aba28-d564-4ecb-ab77-350511d2e1ee • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2024-13558 – NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-13558
19 Mar 2025 — The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. • https://plugins.trac.wordpress.org/changeset/3256816 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2025-2476 – Debian Security Advisory 5882-1
https://notcve.org/view.php?id=CVE-2025-2476
19 Mar 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/McTavishSue/CVE-2025-2476 • CWE-416: Use After Free