CVE-2023-48680
https://notcve.org/view.php?id=CVE-2023-48680
Sensitive information disclosure due to excessive collection of system information. • https://security-advisory.acronis.com/advisories/SEC-5392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2023-48678
https://notcve.org/view.php?id=CVE-2023-48678
Sensitive information disclosure due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-2319 • CWE-276: Incorrect Default Permissions •
CVE-2024-26144 – Possible Sensitive Session Information Leak in Active Storage
https://notcve.org/view.php?id=CVE-2024-26144
Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. ... Certain proxies may cache the Set-Cookie, leading to an information leak. • https://github.com/gmo-ierae/CVE-2024-26144-test https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945 https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433 https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3 https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml https://security.netapp.com/advisory/ntap • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-0680 – WP Private Content Plus <= 3.6 - Protection Mechanism Bypass
https://notcve.org/view.php?id=CVE-2024-0680
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. • https://wordpress.org/plugins/wp-private-content-plus https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve • CWE-693: Protection Mechanism Failure •
CVE-2024-0681 – Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass
https://notcve.org/view.php?id=CVE-2024-0681
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve • CWE-693: Protection Mechanism Failure •