CVE-2024-25923 – WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-25923
This makes it possible for unauthenticated attackers to extract sensitive data from log files. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-7-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-24699 – Zoom Clients - Business Logic Error
https://notcve.org/view.php?id=CVE-2024-24699
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/ZSB-24006 •
CVE-2024-25118 – Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
https://notcve.org/view.php?id=CVE-2024-25118
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. • https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w https://typo3.org/security/advisory/typo3-core-sa-2024-003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-25119 – Information Disclosure of Encryption Key in TYPO3 Install Tool
https://notcve.org/view.php?id=CVE-2024-25119
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. • https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g https://typo3.org/security/advisory/typo3-core-sa-2024-004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-21380 – Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21380
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Dynamics Business Central/NAV • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •