CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33914 – WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
https://notcve.org/view.php?id=CVE-2024-33914
29 Apr 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other users posts which can lead to information disclosure for private posts. • https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-1-broken-access-control-on-post-duplication-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33922 – WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-33922
29 Apr 2024 — Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. ... plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.2 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33669
https://notcve.org/view.php?id=CVE-2024-33669
26 Apr 2024 — It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. • https://help.passbolt.com/incidents/pwned-password-service-information-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33637 – WordPress Solid Affiliate plugin <= 1.9.1 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-33637
25 Apr 2024 — Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1. ... The Solid Affiliate plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/solid-affiliate/wordpress-solid-affiliate-plugin-1-9-1-sensitive-data-exposure-via-log-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33575 – WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33575
25 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. ... The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. • https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33538 – WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33538
25 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1. ... The Assistant – Every Day Productivity Apps plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9.1 via publicly accessible files. This makes it possible for unauthenticated attackers to view potentially sensitive ... • https://patchstack.com/database/vulnerability/assistant/wordpress-assistant-every-day-productivity-apps-plugin-1-4-9-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26926 – binder: check offset alignment in binder_get_object()
https://notcve.org/view.php?id=CVE-2024-26926
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binde... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28963
https://notcve.org/view.php?id=CVE-2024-28963
24 Apr 2024 — Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. • https://www.dell.com/support/kbdoc/en-us/000224317/dsa-2024-170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2760 – Bkav Home v7816, build 2403161130 - Kernel Memory Leak
https://notcve.org/view.php?id=CVE-2024-2760
23 Apr 2024 — Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. • https://fluidattacks.com/advisories/kent • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23527 – Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23527
23 Apr 2024 — An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. • https://www.ivanti.com/blog/security-update-for-ivanti-avalanche •