
CVE-2024-1593 – Path Traversal via Parameter Smuggling in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1593
16 Apr 2024 — Successful exploitation could lead to unauthorized information disclosure or server compromise. • https://huntr.com/bounties/dbdc6bd6-d09a-46f2-9d9c-5138a14b6e31 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-23561 – HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23561
15 Apr 2024 — HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure due to insufficient obfuscation of sensitive values. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111926 • CWE-922: Insecure Storage of Sensitive Information •

CVE-2024-32036 – SixLabors.ImageSharp vulnerable to data leakage
https://notcve.org/view.php?id=CVE-2024-32036
15 Apr 2024 — A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. • https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •

CVE-2024-29219
https://notcve.org/view.php?id=CVE-2024-29219
15 Apr 2024 — Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. ... Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code exec... • https://jvn.jp/en/vu/JVNVU95439120 • CWE-125: Out-of-bounds Read •

CVE-2024-29218
https://notcve.org/view.php?id=CVE-2024-29218
15 Apr 2024 — Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. ... Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execu... • https://jvn.jp/en/vu/JVNVU95439120 • CWE-787: Out-of-bounds Write •

CVE-2024-22439 – Certain HPE FlexNetwork and FlexFabric Switches, Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-22439
15 Apr 2024 — This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbnw04625en_us • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2024-3505 – JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users
https://notcve.org/view.php?id=CVE-2024-3505
15 Apr 2024 — JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-32506 – WordPress Radio Player plugin <= 2.0.73 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32506
15 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. ... This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information. • https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-32513 – WordPress Product Feed PRO for WooCommerce plugin <= 13.3.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32513
15 Apr 2024 — Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. ... The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 13.3.1 via log files. This makes it possible for unauthenticated attackers to vie... • https://patchstack.com/database/vulnerability/woo-product-feed-pro/wordpress-product-feed-pro-for-woocommerce-plugin-13-3-1-sensitive-data-exposure-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-22339 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2024-22339
12 Apr 2024 — IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to sensitive information disclosure due to insufficient obfuscation of sensitive values in some log files. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279979 • CWE-532: Insertion of Sensitive Information into Log File •