CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49025 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49025
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49025 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-3502 – Exposure of Sensitive Information in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-3502
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. ... The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 https://huntr.com/bounties/c2aff952-2dec-4538-8905-190c484aae94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-3501 – Exposure of Sensitive Information in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-3501
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 https://huntr.com/bounties/8fdfdb9d-10bd-4f00-8004-d5baabc20c6e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-1682 – Unclaimed S3 Bucket Reference in psf/requests Documentation
https://notcve.org/view.php?id=CVE-2024-1682
The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks. • https://github.com/psf/requests/commit/6106a63eb6c0fa490efa73d44388ac25b1b08af4 https://huntr.com/bounties/4da5ded5-b59b-4ece-8812-46a4329e446c • CWE-840: Business Logic Errors •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45642 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2024-45642
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7172212 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •