CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5331 – File Information Leak via IDOR in file_id in Draft Posts
https://notcve.org/view.php?id=CVE-2023-5331
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. Mattermost no verifica adecuadamente el creador de un archivo adjunto al agregar el fichero a un borrador de publicación, lo que potencialmente expone información del archivo no autorizada. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46820 – WordPress Image Regenerate & Select Crop Plugin <= 7.3.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-46820
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Iulia Cazan Image Regenerate & Select Crop. Este problema afecta a Image Regenerate & Select Crop: desde n/a hasta 7.3.0. The Image Regenerate & Select Crop plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.3.0 via the log file directory. This can allow unauthenticated attackers to extract sensitive data if directory indexing is enabled or if they are able to determine the log file format and bruteforce potential log filenames. • https://patchstack.com/database/vulnerability/image-regenerate-select-crop/wordpress-image-regenerate-select-crop-plugin-7-3-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2023-40650
https://notcve.org/view.php?id=CVE-2023-40650
This could lead to local information disclosure with no additional execution privileges needed En Telecom service, es posible que falte una verificación de permiso. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40649
https://notcve.org/view.php?id=CVE-2023-40649
This could lead to local information disclosure with no additional execution privileges needed En Messaging, es posible que falte una verificación de permiso. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40648
https://notcve.org/view.php?id=CVE-2023-40648
This could lead to local information disclosure with no additional execution privileges needed En Messaging, es posible que falte una verificación de permiso. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074 • CWE-862: Missing Authorization •