CVE-2023-6150 – Information Disclosure in Eskom E-municipality
https://notcve.org/view.php?id=CVE-2023-6150
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105. ... Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105. • https://www.usom.gov.tr/bildirim/tr-23-0664 • CWE-269: Improper Privilege Management CWE-648: Incorrect Use of Privileged APIs •
CVE-2023-4667 – Stored Cross Site Scripting in webserver administration
https://notcve.org/view.php?id=CVE-2023-4667
The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage La interfaz web de PAC Device permite que el perfil de usuario del administrador del dispositivo almacene scripts maliciosos en algunos campos. • https://www.idemia.com/vulnerability-information • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-44991 – WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44991
This makes it possible for unauthenticated attackers to extract sensitive data including file upload events and paths. • https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-44982 – WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44982
This makes it possible for unauthenticated attackers to extract sensitive data. • https://patchstack.com/database/vulnerability/wp-retina-2x/wordpress-wp-retina-2x-plugin-6-4-5-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-44983 – WordPress Aruba HiSpeed Cache Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44983
This makes it possible for unauthenticated attackers to extract sensitive data including debug and trace information. • https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •