CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27730
https://notcve.org/view.php?id=CVE-2024-27730
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. • https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures https://github.com/friendica/friendica/pull/13927 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-31799
https://notcve.org/view.php?id=CVE-2024-31799
Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. • https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-27731
https://notcve.org/view.php?id=CVE-2024-27731
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. • https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures https://github.com/friendica/friendica/pull/13927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-27729
https://notcve.org/view.php?id=CVE-2024-27729
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. • https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures https://github.com/friendica/friendica/pull/13927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-27728
https://notcve.org/view.php?id=CVE-2024-27728
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. • https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures https://github.com/friendica/friendica/pull/13927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •