
CVSS: 8.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

10 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.2 • EPSS: 0% • CPEs: 7 • EXPL: 0

10 Dec 2024 — Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this... • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-922: Insecure Storage of Sensitive Information

CVSS: 8.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

10 Dec 2024 — In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application. • https://me.sap.com/notes/3469791 • CWE-914: Improper Control of Dynamically-Identified Variables

CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0

10 Dec 2024 — Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. • https://me.sap.com/notes/3535451 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2024 — Under certain conditions, SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application. • https://me.sap.com/notes/3524933 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Dec 2024 — A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-in/000256645/dsa-2024-453-security-update-for-dell-powerscale-onefs-multiple-security-vulnerabilities • CWE-687: Function Call With Incorrectly Specified Argument Value

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2024 — Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. ... The WP Mailster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.16.0. • https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-16-0-sensitive-data-exposure-vulnerability-2? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Dec 2024 — Tungsten Automation (Kofax) TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to the endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx. This allows injection of malicious JavaScript code, leading to a possible information leak. • https://cert.pl/en/posts/2024/12/CVE-2024-7874 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Dec 2024 — Tungsten Automation (Kofax) TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to the endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx". This allows injection of malicious JavaScript code, leading to a possible information leak. • https://cert.pl/en/posts/2024/12/CVE-2024-7874 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

06 Dec 2024 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5584 • CWE-287: Improper Authentication