CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-39182
https://notcve.org/view.php?id=CVE-2024-39182
An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779). • https://ispmanager.com/changelog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37504 – WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37504
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6. ... The FileBird Document Library plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6 due to insufficient user access checking. • https://patchstack.com/database/vulnerability/filebird-document-library/wordpress-filebird-document-library-plugin-2-0-6-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37498 – WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability
https://notcve.org/view.php?id=CVE-2024-37498
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.33. ... The Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.33 due to insufficient capability checks on the get_export_table_props function. This makes it possible for unauthenticated attackers to extract potentially sensitive information from tables. • https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-33-sensitive-data-exposure-via-api-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31223 – Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
https://notcve.org/view.php?id=CVE-2024-31223
This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. • https://github.com/ethyca/fides/commit/0555080541f18a5aacff452c590ac9a1b56d7097 https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 19%CPEs: 2EXPL: 0CVE-2024-39891 – Twilio Authy Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-39891
Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. ... Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. • https://cwe.mitre.org/data/definitions/203.html https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers https://www.twilio.com/docs/usage/security/reporting-vulnerabilities https://www.twilio.com/en-us/changelog • CWE-203: Observable Discrepancy •