CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37270 – WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37270
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1. ... The TrustedLogin Vendor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions prior to 1.1.1 (exclusive). • https://patchstack.com/database/vulnerability/vendor/wordpress-trustedlogin-vendor-plugin-1-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-37141
https://notcve.org/view.php?id=CVE-2024-37141
A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29173
https://notcve.org/view.php?id=CVE-2024-29173
A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. • https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-28973
https://notcve.org/view.php?id=CVE-2024-28973
Exploitation may lead to information disclosure, session theft, or client-side request forgery Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de Cross-Site Scripting Almacenado. • https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-6060
https://notcve.org/view.php?id=CVE-2024-6060
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. • https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060 • CWE-532: Insertion of Sensitive Information into Log File •