CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4220 – Information Disclosure in BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4220
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5483 – LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API
https://notcve.org/view.php?id=CVE-2024-5483
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails El complemento LearnPress – WordPress LMS Plugin para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 4.2.6.8 incluida debido a la implementación incorrecta de la función get_items_permissions_check. Esto hace posible que atacantes no autenticados extraigan información básica sobre los usuarios del sitio web, incluidos sus correos electrónicos. • https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php#L130 https://www.wordfence.com/threat-intel/vulnerabilities/id/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29170
https://notcve.org/view.php?id=CVE-2024-29170
An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service. • https://www.dell.com/support/kbdoc/en-us/000225667/dsa-2024-210-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4332 – Improper Authentication in Tripwire Enterprise 9.1.0 APIs
https://notcve.org/view.php?id=CVE-2024-4332
Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification. • https://www.fortra.com/security/advisory/fi-2024-006 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-4540 – Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
https://notcve.org/view.php?id=CVE-2024-4540
Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. • https://access.redhat.com/errata/RHSA-2024:3566 https://access.redhat.com/errata/RHSA-2024:3567 https://access.redhat.com/errata/RHSA-2024:3568 https://access.redhat.com/errata/RHSA-2024:3570 https://access.redhat.com/errata/RHSA-2024:3572 https://access.redhat.com/errata/RHSA-2024:3573 https://access.redhat.com/errata/RHSA-2024:3574 https://access.redhat.com/errata/RHSA-2024:3575 https://access.redhat.com/errata/RHSA-2024:3576 https://access.redhat.com/security/cve&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •