CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32953 – WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32953
Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5. ... The Newsletters plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.5. This makes it possible for unauthenticated attackers to extract potentially sensitive information from log files. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-38301
https://notcve.org/view.php?id=CVE-2023-38301
Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. • https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-38296
https://notcve.org/view.php?id=CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. • https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32782 – WordPress HT Mega plugin <= 2.4.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32782
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7. ... This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate arbitrary posts that may contain sensitive information. • https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-plugin-2-4-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 1CVE-2024-4022 – Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure
https://notcve.org/view.php?id=CVE-2024-4022
The manipulation leads to information disclosure. ... Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://netsecfish.notion.site/Information-Disclosure-in-Keenetic-Router-d4a12a499cef4acf80e191bdaf20c151? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •