CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9546 – WPIDE <= 3.4.9 - Unauthenticated Full Path Dislcosure
https://notcve.org/view.php?id=CVE-2024-9546
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/wpide/tags/3.4.9/vendor/nikic/php-parser/grammar/rebuildParsers.php#L77 https://www.wordfence.com/threat-intel/vulnerabilities/id/e884af8b-c83f-4380-bfaf-f1419fce125c?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49235 – WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49235
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. The Contact Forms, Live Support, CRM, Video Messages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.3. • https://patchstack.com/database/vulnerability/live-support-tickets/wordpress-contact-forms-live-support-crm-video-messages-plugin-1-10-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9539
https://notcve.org/view.php?id=CVE-2024-9539
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5474
https://notcve.org/view.php?id=CVE-2024-5474
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. • https://support.lenovo.com/us/en/product_security/LEN-158394 • CWE-276: Incorrect Default Permissions •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8530 – Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-8530
The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. ... An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-306: Missing Authentication for Critical Function •