CVE-2024-3454 – In-Fabric Matter Cluster Attribute Disclosure
https://notcve.org/view.php?id=CVE-2024-3454
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices that are part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. • https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-39676 – Apache Pinot: Unauthorized endpoint exposed sensitive information
https://notcve.org/view.php?id=CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: A request to the path “/appconfigs” on the controller can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). • https://lists.apache.org/thread/hsm0b2w8qr0sqy4rj1mfnnw286tslpzc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-6553 – WP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6553
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117899%40wp-meteor&new=3117899%40wp-meteor&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/6197c194-5a17-41da-be79-58a6f5c68a0b?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-6571 – Optimize Images ALT Text (alt tag) & names for SEO using AI <= 3.1.1 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6571
The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3122915%40imageseo&new=3122915%40imageseo&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/a11083dd-7a5f-483b-a854-2697ddc54262?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-6805 – Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
https://notcve.org/view.php?id=CVE-2024-6805
These missing checks may result in information disclosure or remote code execution. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to disclose information in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •