CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24845 – WordPress Post Thumbnail Editor plugin <= 2.4.8 - Unauthenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-24845
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8. ... The Post Thumbnail Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.8. • https://patchstack.com/database/vulnerability/post-thumbnail-editor/wordpress-post-thumbnail-editor-plugin-2-4-8-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50939 – IBM PowerSC information Disclosure
https://notcve.org/view.php?id=CVE-2023-50939
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275129 https://www.ibm.com/support/pages/node/7113759 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1098 – Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
https://notcve.org/view.php?id=CVE-2024-1098
The manipulation of the argument url leads to information disclosure. ... Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.252455 https://vuldb.com/?id.252455 https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22236
https://notcve.org/view.php?id=CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. • https://spring.io/security/cve-2024-22236 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46230 – Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46230
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. • https://advisory.splunk.com/advisories/SVD-2024-0111 • CWE-532: Insertion of Sensitive Information into Log File •