CVE-2024-49817 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49817
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7175067 • CWE-260: Password in Configuration File
CVE-2021-26281 – Information disclosure vulnerability in Alarm clock module
https://notcve.org/view.php?id=CVE-2021-26281
Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. • https://www.vivo.com/en/support/security-advisory-detail?id=9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-26279 – Information disclosure vulnerability in Weather module
https://notcve.org/view.php?id=CVE-2021-26279
Some parameters of the weather module are improperly stored, leaking some sensitive information. • https://www.vivo.com/en/support/security-advisory-detail?id=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-12447 – Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
https://notcve.org/view.php?id=CVE-2024-12447
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. • https://plugins.trac.wordpress.org/browser/get-post-content-shortcode/trunk/get-post-content-shortcode.php#L106 • https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b92091-e615-484f-b402-2e793eed214d?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2024-9945 – Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0
https://notcve.org/view.php?id=CVE-2024-9945
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. • https://www.fortra.com/security/advisories/product-security/fi-2024-014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-425: Direct Request ('Forced Browsing')