CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23838 – TrueLayer.Client SSRF when fetching payment or payment provider
https://notcve.org/view.php?id=CVE-2024-23838
For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. • https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1033 – openBI Datament.php agent information disclosure
https://notcve.org/view.php?id=CVE-2024-1033
The manipulation of the argument api leads to information disclosure. ... Dank Manipulation des Arguments api mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://note.zhaoj.in/share/nD654ot6zRQZ https://vuldb.com/?ctiid.252308 https://vuldb.com/?id.252308 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7204 – WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-7204
This makes it possible for unauthenticated attackers to extract sensitive data. • https://wpscan.com/vulnerability/65a8cf83-d6cc-4d4c-a482-288a83a69879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21382 – Microsoft Edge for Android Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21382
Microsoft Edge for Android Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Edge para Android • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23619 – IBM Merge Healthcare eFilm Workstation Hardcoded Credentials
https://notcve.org/view.php?id=CVE-2024-23619
A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. • https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure • CWE-798: Use of Hard-coded Credentials •