CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4300 – FS-EZViewer(Web) - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-4300
FS-EZViewer(Web) exposes sensitive information in the service. ... With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents. • https://www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33914 – WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
https://notcve.org/view.php?id=CVE-2024-33914
This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other users posts which can lead to information disclosure for private posts. • https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-1-broken-access-control-on-post-duplication-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33922 – WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-33922
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. ... plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.2 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/media-cleaner/wordpress-wp-media-cleaner-plugin-6-7-2-sensitive-data-exposure-via-log-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33669
https://notcve.org/view.php?id=CVE-2024-33669
It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. • https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html https://haveibeenpwned.com https://help.passbolt.com/incidents/pwned-password-service-information-leak https://www.passbolt.com https://www.passbolt.com/security/more • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-1139 – Cluster-monitoring-operator: credentials leak
https://notcve.org/view.php?id=CVE-2024-1139
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. • https://access.redhat.com/errata/RHSA-2024:1887 https://access.redhat.com/errata/RHSA-2024:1891 https://access.redhat.com/errata/RHSA-2024:2047 https://access.redhat.com/errata/RHSA-2024:2782 https://access.redhat.com/security/cve/CVE-2024-1139 https://bugzilla.redhat.com/show_bug.cgi?id=2262158 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •