CVE-2024-20116
https://notcve.org/view.php?id=CVE-2024-20116
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2024 • CWE-125: Out-of-bounds Read •
CVE-2024-20136
https://notcve.org/view.php?id=CVE-2024-20136
This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2024 • CWE-125: Out-of-bounds Read •
CVE-2024-53804 – WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-53804
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-16-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2024-53798 – WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-53798
The FloristPress – Customize your Woo store for your Florist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 7.3.0. • https://patchstack.com/database/wordpress/plugin/bakkbone-florist-companion/vulnerability/wordpress-floristpress-plugin-7-3-0-nonce-leakage-to-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVE-2024-51769 – Hewlett Packard Enterprise AutoPass License Server SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-51769
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 5814 by default. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. •