CVSS: 5.9EPSS: 0%CPEs: -EXPL: 1CVE-2024-46635
https://notcve.org/view.php?id=CVE-2024-46635
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. • https://github.com/h1thub/CVE-2024-46635 https://hithub.notion.site/Sensitive-Information-Disclosure-in-GongZhiDao-System-aaad25d2430f4a638d462194cfa87c8b • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47344 – WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-47344
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5. The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.5 via the /pricing-plan/payment endpoint. • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-1-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8974 – Incorrect Provision of Specified Functionality in GitLab
https://notcve.org/view.php?id=CVE-2024-8974
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project." • https://gitlab.com/gitlab-org/gitlab/-/issues/482843 • CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 12CVE-2024-47176 – cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
https://notcve.org/view.php?id=CVE-2024-47176
Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer's capabilities (such as supported media sizes, resolutions, color modes, etc.). PPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. ... In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header. • https://github.com/pearlmansara/CVE-2024-47176-CUPS https://github.com/workabhiwin09/CVE-2024-47176 https://github.com/tonyarris/CVE-2024-47176-Scanner https://github.com/mr-r3b00t/CVE-2024-47176 https://github.com/aytackalinci/CVE-2024-47176 https://github.com/nma-io/CVE-2024-47176 https://github.com/MalwareTech/CVE-2024-47176-Scanner https://github.com/l0n3m4n/CVE-2024-47176 https://github.com/AxthonyV/CVE-2024-47176 https://github.com/0x7556/CVE-2024-47176 https:/ • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function CWE-940: Improper Verification of Source of a Communication Channel CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47169 – Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
https://notcve.org/view.php?id=CVE-2024-47169
This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. • https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83 • CWE-35: Path Traversal: '.../...//' CWE-434: Unrestricted Upload of File with Dangerous Type •