
CVE-2024-2931 – WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure
https://notcve.org/view.php?id=CVE-2024-2931
01 Apr 2024 — The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. • https://inky-knuckle-2c2.notion.site/WPFront-User-Role-Editor-Information-disclosure-7435b8340a004f5f8485cad375326b2c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-50311 – IBM CICS Transaction Gateway for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2023-50311
31 Mar 2024 — IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273612 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-50959 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-50959
31 Mar 2024 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275938 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-25027 – IBM Security Verify Access Container information disclosure
https://notcve.org/view.php?id=CVE-2024-25027
31 Mar 2024 — IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. • https://packetstorm.news/files/id/182466 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2024-30246 – Tuleap deleting or moving an artifact can delete values from unrelated artifacts
https://notcve.org/view.php?id=CVE-2024-30246
29 Mar 2024 — A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from the Date, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. • https://github.com/Enalean/tuleap/commit/a0ba0ae82a29eb8bfacef286778e5e49954f5316 • CWE-440: Expected Behavior Violation • CWE-670: Always-Incorrect Control Flow Implementation •

CVE-2024-29020 – JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked
https://notcve.org/view.php?id=CVE-2024-29020
29 Mar 2024 — An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2024-30511 – WordPress FG PrestaShop to WooCommerce plugin <= 4.45.1 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-30511
29 Mar 2024 — Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. ... The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.45.1. • https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-45-1-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-25971
https://notcve.org/view.php?id=CVE-2024-25971
28 Mar 2024 — A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. • https://www.dell.com/support/kbdoc/en-us/000223556/dsa-2024-132-security-update-dell-power-protect-data-manager-for-multiple-security-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-25963
https://notcve.org/view.php?id=CVE-2024-25963
28 Mar 2024 — A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-25959
https://notcve.org/view.php?id=CVE-2024-25959
28 Mar 2024 — Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. • https://www.dell.com/support/kbdoc/en-us/000223556/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •