CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7410 – My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-7410
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/my-custom-css/trunk/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php https://www.wordfence.com/threat-intel/vulnerabilities/id/d145d0af-e364-4cc3-af4f-03117eb34637?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0104
https://notcve.org/view.php?id=CVE-2024-0104
A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5559 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-0107
https://notcve.org/view.php?id=CVE-2024-0107
A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5557 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7414 – PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-7414
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/pdf-builder-for-wpforms/trunk/vendor/jurosh/pdf-merge/bin/composer-setup.php?rev=3009060 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3132289%40pdf-builder-for-wpforms&new=3132289%40pdf-builder-for-wpforms&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/31a82837-f8da-44bf-81f6-af0d9c9a6e4c?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7602 – Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7602
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. ... An attacker can leverage this vulnerability to disclose information in the context of root. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. ... An attacker can leverage this vulnerability to disclose information in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1102 https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •