CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1670 – Debian Security Advisory 5629-1
https://notcve.org/view.php?id=CVE-2024-1670
21 Feb 2024 — (Severidad de seguridad de Chrome: alta) Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1669 – Debian Security Advisory 5629-1
https://notcve.org/view.php?id=CVE-2024-1669
21 Feb 2024 — (Severidad de seguridad de Chrome: alta) Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0407 – Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0407
20 Feb 2024 — Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store. • https://support.hp.com/us-en/document/ish_10174094-10174120-16 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50306 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50306
20 Feb 2024 — IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. IBM Common Licensing 9.0 podría permitir a un usuario local enumerar nombres de usuario debido a una discrepancia de respuesta observable. ID de IBM X-Force: 273337. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273337 • CWE-204: Observable Response Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1608 – OPPO Usercenter Credit sdk
https://notcve.org/view.php?id=CVE-2024-1608
20 Feb 2024 — In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25150
https://notcve.org/view.php?id=CVE-2024-25150
20 Feb 2024 — Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. • https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6821 – Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6821
20 Feb 2024 — The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization El complemento Error Log Viewer de BestWebSoft WordPress anterior a 1.1.3 contiene una vulnerabilidad que le permite leer y descargar registros PHP sin autorización The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization The Error Log... • https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25933 – WordPress PeproDev Ultimate Invoice plugin <= 1.9.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-25933
20 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. ... The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.7 via the 'init_plugin' function. • https://patchstack.com/database/vulnerability/pepro-ultimate-invoice/wordpress-peprodev-ultimate-invoice-plugin-1-9-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7236 – Backup Bolt <= 1.3.0 - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-7236
20 Feb 2024 — The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. ... The Backup Bolt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via error log file. This makes it possible for unauth... • https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0593 – Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0593
20 Feb 2024 — This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. • https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php • CWE-862: Missing Authorization •