CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25957
https://notcve.org/view.php?id=CVE-2024-25957
Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. • https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22356 – IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
https://notcve.org/view.php?id=CVE-2024-22356
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 https://www.ibm.com/support/pages/node/7145144 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33855 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2023-33855
This could allow a remote attacker to obtain sensitive information using a timing-based attack. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257676 https://www.ibm.com/support/pages/node/7145168 • CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30233 – WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability
https://notcve.org/view.php?id=CVE-2024-30233
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. ... The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'export_users'. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2261 – Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-2261
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. • https://plugins.trac.wordpress.org/changeset?old_path=/event-tickets/tags/5.8.2&old=3059268&new_path=/event-tickets/tags/5.8.3&new=3059268&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/2e42dd1c-adf7-471a-a14a-9038c56413a2?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •