CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45293 – XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
https://notcve.org/view.php?id=CVE-2024-45293
On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. ... Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet's Excel parser. ... On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-6hwr-6v2f-3m88 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47136
https://notcve.org/view.php?id=CVE-2024-47136
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47135
https://notcve.org/view.php?id=CVE-2024-47135
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47134
https://notcve.org/view.php?id=CVE-2024-47134
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20515 – Cisco Identity Services Engine Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20515
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-ZYF2nEEX •