CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36307 – Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-36307
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un enlace de agente de seguridad tras una vulnerabilidad en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local revelar información confidencial sobre el agente en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VsApiNT module. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-573 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35682 – WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35682
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Themeisle Otter Blocks PRO. Este problema afecta a Otter Blocks PRO: desde n/a hasta 2.6.11. The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/otter-pro/wordpress-otter-blocks-pro-plugin-2-6-11-authenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1662 – Information Disclosure in Porty's PowerBank
https://notcve.org/view.php?id=CVE-2024-1662
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en la aplicación PowerBank de la sociedad anónima PORTY Smart Tech Technology permite recuperar datos confidenciales incrustados. Este problema afecta la aplicación PowerBank: antes de 2.02. • https://www.usom.gov.tr/bildirim/tr-24-0602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1272 – Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
https://notcve.org/view.php?id=CVE-2024-1272
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1. La inclusión de información confidencial en la vulnerabilidad del código fuente en TNB Mobile Solutions Cockpit Software permite recuperar datos confidenciales incrustados. Este problema afecta a Cockpit Software: anterior a v0.251.1. • https://www.usom.gov.tr/bildirim/tr-24-0601 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4220 – Information Disclosure in BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4220
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •