CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25957
https://notcve.org/view.php?id=CVE-2024-25957
26 Mar 2024 — Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. • https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22356 – IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
https://notcve.org/view.php?id=CVE-2024-22356
26 Mar 2024 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33855 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2023-33855
26 Mar 2024 — This could allow a remote attacker to obtain sensitive information using a timing-based attack. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257676 • CWE-385: Covert Timing Channel •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2261 – Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-2261
26 Mar 2024 — The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. • https://plugins.trac.wordpress.org/changeset?old_path=/event-tickets/tags/5.8.2&old=3059268&new_path=/event-tickets/tags/5.8.3&new=3059268&sfp_email=&sfph_mail= • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30233 – WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability
https://notcve.org/view.php?id=CVE-2024-30233
26 Mar 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. ... The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'export_users'. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 84%CPEs: 11EXPL: 1CVE-2024-29059 – Microsoft .NET Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29059
22 Mar 2024 — .NET Framework Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de .NET Framework Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. • https://github.com/codewhitesec/HttpRemotingObjRefLeak • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32751 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32751
22 Mar 2024 — IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32756 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32756
22 Mar 2024 — IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32753 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32753
22 Mar 2024 — IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 • CWE-326: Inadequate Encryption Strength •
CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1742 – Information disclosure in mk_oracle Checkmk agent plugin
https://notcve.org/view.php?id=CVE-2024-1742
22 Mar 2024 — Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. • https://checkmk.com/werk/16234 • CWE-214: Invocation of Process Using Visible Sensitive Information •