CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-35495
https://notcve.org/view.php?id=CVE-2024-35495
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. • https://github.com/Chapoly1305/tp-link-cve/blob/main/CVE-2024-35495.md • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 1CVE-2024-46635
https://notcve.org/view.php?id=CVE-2024-46635
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. • https://github.com/h1thub/CVE-2024-46635 https://hithub.notion.site/Sensitive-Information-Disclosure-in-GongZhiDao-System-aaad25d2430f4a638d462194cfa87c8b • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47344 – WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-47344
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5. The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.5 via the /pricing-plan/payment endpoint. • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-1-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8974 – Incorrect Provision of Specified Functionality in GitLab
https://notcve.org/view.php?id=CVE-2024-8974
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project." • https://gitlab.com/gitlab-org/gitlab/-/issues/482843 • CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47169 – Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
https://notcve.org/view.php?id=CVE-2024-47169
This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. • https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83 • CWE-35: Path Traversal: '.../...//' CWE-434: Unrestricted Upload of File with Dangerous Type •