CVE-2023-50948 – IBM Storage Fusion HCI information disclosure
https://notcve.org/view.php?id=CVE-2023-50948
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275671 https://www.ibm.com/support/pages/node/7105509 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVE-2023-49961
https://notcve.org/view.php?id=CVE-2023-49961
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. • https://www.wallix.com/support/alerts •
CVE-2024-22216
https://notcve.org/view.php?id=CVE-2024-22216
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. • https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability •
CVE-2024-22138 – WordPress Seraphinite Accelerator plugin <= 2.20.47 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-22138
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data from log files. • https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-44-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-52234 – Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52234
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Elite para WooCommerce. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.2. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to view arbitrary order information. • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •