CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1608 – OPPO Usercenter Credit sdk
https://notcve.org/view.php?id=CVE-2024-1608
20 Feb 2024 — In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25150
https://notcve.org/view.php?id=CVE-2024-25150
20 Feb 2024 — Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. • https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6821 – Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6821
20 Feb 2024 — The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization El complemento Error Log Viewer de BestWebSoft WordPress anterior a 1.1.3 contiene una vulnerabilidad que le permite leer y descargar registros PHP sin autorización The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization The Error Log... • https://wpscan.com/vulnerability/6b1a998d-c97c-4305-b12a-69e29408ebd9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25933 – WordPress PeproDev Ultimate Invoice plugin <= 1.9.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-25933
20 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. ... The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.7 via the 'init_plugin' function. • https://patchstack.com/database/vulnerability/pepro-ultimate-invoice/wordpress-peprodev-ultimate-invoice-plugin-1-9-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7236 – Backup Bolt <= 1.3.0 - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-7236
20 Feb 2024 — The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. ... The Backup Bolt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via error log file. This makes it possible for unauth... • https://wpscan.com/vulnerability/2a4557e2-b764-4678-a6d6-af39dd1ba76b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0593 – Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0593
20 Feb 2024 — This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. • https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50951 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-50951
17 Feb 2024 — IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275747 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22337 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22337
17 Feb 2024 — IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279977 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22336 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22336
17 Feb 2024 — IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279976 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22335 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22335
17 Feb 2024 — IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279975 • CWE-532: Insertion of Sensitive Information into Log File •