CVSS: 7.1EPSS: %CPEs: -EXPL: 0CVE-2024-9710 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9710
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49284 – WordPress WP SendFox plugin <= 1.3.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49284
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. The WP SendFox plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1. • https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9953 – Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8
https://notcve.org/view.php?id=CVE-2024-9953
A Potential DOS Vulnerability exists in CERT VINCE software prior to version 3.0.8. An authenticated administrative user can inject an arbitrary pickle object as part of a user's profile. This can lead to a potential DoS on the server when the user's profile is accessed. Django server does restrict unpickling from crashing the server. A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. • https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45739 – Sensitive information disclosure in AdminManager logging channel
https://notcve.org/view.php?id=CVE-2024-45739
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1009 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45738 – Sensitive information disclosure in REST_Calls logging channel
https://notcve.org/view.php?id=CVE-2024-45738
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1008 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •