
CVSS: 3.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Jan 2025 — This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. • https://www.ibm.com/support/pages/node/7177856 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jan 2025 — The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. • https://github.com/RandomRobbieBF/CVE-2024-12535 • CWE-862: Missing Authorization •

CVSS: 3.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. • https://plugins.trac.wordpress.org/browser/spacer/tags/3.0.7/index.php#L85 • CWE-862: Missing Authorization •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

06 Jan 2025 — Information disclosure while invoking the mailbox read API. • https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html • CWE-126: Buffer Over-read •

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Jan 2025 — Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. • https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html • CWE-126: Buffer Over-read •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

06 Jan 2025 — Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. • https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html • CWE-126: Buffer Over-read •

CVSS: 6.6 • EPSS: 0% • CPEs: - • EXPL: 0

06 Jan 2025 — Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. • https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html • CWE-126: Buffer Over-read •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

06 Jan 2025 — This could lead to remote information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-304: Missing Critical Step in Authentication •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.7.7. The Link Whisper Free plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.7.8. • https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-7-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jan 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.17.0. ... The WP Mailster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.17.0. • https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-17-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-201: Insertion of Sensitive Information Into Sent Data •