CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10692 – PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure
https://notcve.org/view.php?id=CVE-2024-10692
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. • https://plugins.trac.wordpress.org/changeset/3203205/powerpack-lite-for-elementor/tags/2.8.2/modules/content-reveal/widgets/content-reveal.php https://www.wordfence.com/threat-intel/vulnerabilities/id/d073d9df-0636-4884-b5d0-e2da779e5edf?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9408
https://notcve.org/view.php?id=CVE-2018-9408
This could lead to a local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9407
https://notcve.org/view.php?id=CVE-2018-9407
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38829 – Spring LDAP sensitive data exposure for case-sensitive comparisons
https://notcve.org/view.php?id=CVE-2024-38829
A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 Una vulnerabilidad en VMware Tanzu Spring LDAP permite la exposición de datos para comparaciones que distinguen entre mayúsculas y minúsculas. Este problema afecta a Spring LDAP: de 2.4.0 a 2.4.3, de 3.0.0 a 3.0.9, de 3.1.0 a 3.1.7, de 3.2.0 a 3.2.7, Y todas las versiones anteriores a 2.4.0. El uso de String.toLowerCase() y String.toUpperCase() tiene algunas excepciones dependientes de la configuración regional que podrían provocar que se consulten columnas no deseadas. Relacionado con CVE-2024-38820 https://spring.io/security/cve-2024-38820 A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10777 – AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure
https://notcve.org/view.php?id=CVE-2024-10777
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3198665%40anywhere-elementor&new=3198665%40anywhere-elementor&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c2138634-c149-4fd1-a33d-351bbf633ea3?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •