CVE-2024-40090
https://notcve.org/view.php?id=CVE-2024-40090
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40090.md • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-9627 – TeploBot - Telegram Bot for WP <= 1.3 - Telegram Bot Token Disclosure
https://notcve.org/view.php?id=CVE-2024-9627
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. • https://www.wordfence.com/threat-intel/vulnerabilities/id/091dadcb-71ac-4321-b3aa-72b5fbbd9163?source=cve https://plugins.trac.wordpress.org/browser/green-wp-telegram-bot-by-teplitsa/trunk/inc/core.php?rev=1754863#L266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-49683 – WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49683
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.35 via uploads stored in an unsafe directory. • https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-3-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2024-48016
https://notcve.org/view.php?id=CVE-2024-48016
A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-42508
https://notcve.org/view.php?id=CVE-2024-42508
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •