CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20047
https://notcve.org/view.php?id=CVE-2024-20047
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2024 •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-20045
https://notcve.org/view.php?id=CVE-2024-20045
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2024 •
CVSS: 4.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-20041
https://notcve.org/view.php?id=CVE-2024-20041
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2024 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2931 – WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure
https://notcve.org/view.php?id=CVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site. El complemento WPFront User Role Editor para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.2.1.11184 incluida a través de la acción AJAX wpfront_user_role_editor_assign_roles_user_autocomplete. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, extraigan y recuperen una lista de todas las direcciones de correo electrónico de los usuarios que están registrados en el sitio. • https://inky-knuckle-2c2.notion.site/WPFront-User-Role-Editor-Information-disclosure-7435b8340a004f5f8485cad375326b2c https://plugins.trac.wordpress.org/changeset/3061241/wpfront-user-role-editor/trunk/includes/users/class-assign-migrate.php https://www.wordfence.com/threat-intel/vulnerabilities/id/078a0647-fc3a-436c-bf00-8776b16e66ff? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50311 – IBM CICS Transaction Gateway for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2023-50311
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 273612. IBM CICS Transaction Gateway for Multiplatforms 9.2 y 9.3 transmite o almacena credenciales de autenticación, pero utiliza un método inseguro que es susceptible de interceptación y/o recuperación no autorizada. ID de IBM X-Force: 273612. IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273612 https://https://www.ibm.com/support/pages/node/7145418 • CWE-522: Insufficiently Protected Credentials •