CVE-2023-4930 – Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
https://notcve.org/view.php?id=CVE-2023-4930
This makes it possible for unauthenticated attackers to extract sensitive data including attachments to private messages. • https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVE-2021-4430 – Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure
https://notcve.org/view.php?id=CVE-2021-4430
The manipulation leads to information disclosure. ... Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/Ortus-Solutions/coldbox-elixir/commit/a3aa62daea2e44c76d08d1eac63768cd928cd69e https://github.com/Ortus-Solutions/coldbox-elixir/releases/tag/v3.1.7 https://vuldb.com/?ctiid.244485 https://vuldb.com/?id.244485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-32825
https://notcve.org/view.php?id=CVE-2023-32825
This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-125: Out-of-bounds Read •
CVE-2023-47668 – WordPress Restrict Content Plugin <= 3.2.7 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-47668
This makes it possible for unauthenticated attackers to extract sensitive data including debug information. • https://github.com/RandomRobbieBF/CVE-2023-47668 https://patchstack.com/database/vulnerability/restrict-content/wordpress-restrict-content-plugin-3-2-7-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-5906 – Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-5906
This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission. ... This makes it possible for unauthenticated attackers to extract sensitive data including uploaded job applications. • https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •