CVSS: 8.2EPSS: 0%CPEs: 488EXPL: 0CVE-2023-24848 – Buffer Over-read in Data Modem
https://notcve.org/view.php?id=CVE-2023-24848
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. • https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin • CWE-126: Buffer Over-read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2487 – WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-2487
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Smackcoders Export All Posts, Products, Orders, Refunds & Users. Este problema afecta a Export All Posts, Products, Orders, Refunds & Users: desde n/a hasta 2.4.1. The WP Ultimate Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.4.1 due to insufficient protection on the directory in which exported files are stored in. This can allow unauthenticated attackers to extract sensitive data from accessible log files which can contain information from posts, pages, users, comments, and more. • https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2023-32819
https://notcve.org/view.php?id=CVE-2023-32819
In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2023 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44150 – WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44150
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el complemento de membresía paga del equipo de membresía de ProfilePress, comercio electrónico, formulario de registro, formulario de inicio de sesión, perfil de usuario y contenido restringido: ProfilePress. Este problema afecta el complemento de membresía paga, el comercio electrónico, el formulario de registro, el formulario de inicio de sesión y el perfil de usuario. & Restringir contenido – ProfilePress: desde n/a hasta 4.13.2. The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. • https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 1CVE-2023-0989 – Improper Ownership Management in GitLab
https://notcve.org/view.php?id=CVE-2023-0989
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. • https://gitlab.com/gitlab-org/gitlab/-/issues/417275 https://hackerone.com/reports/1875515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-282: Improper Ownership Management •