CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2384 – WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
https://notcve.org/view.php?id=CVE-2024-2384
The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053833%40woocommerce-pos&new=3053833%40woocommerce-pos&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=cve • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20757 – Bridge 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20757
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. • https://helpx.adobe.com/security/products/bridge/apsb24-15.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23139 – Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23139
An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-22513 – djangorestframework-simplejwt 5.3.1 - Information Disclosure
https://notcve.org/view.php?id=CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. ... Django REST Framework SimpleJWT versions 5.3.1 and below suffer from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/51992 https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513 • CWE-306: Missing Authentication for Critical Function •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-28069
https://notcve.org/view.php?id=CVE-2024-28069
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 • CWE-922: Insecure Storage of Sensitive Information •