CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2024-9762 – Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9762
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9821 – Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9821
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. • https://github.com/RandomRobbieBF/CVE-2024-9821 https://plugins.trac.wordpress.org/browser/bot-for-telegram-on-woocommerce/trunk/nuxy/helpers/helpers.php?rev=2575772#L54 https://www.wordfence.com/threat-intel/vulnerabilities/id/a662c904-ba2e-494c-a603-b22eeeddf43d?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9763 – Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9763
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-9665 – Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9665
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9753 – Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9753
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. •