CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45408 – eLabFTW contains a direct and indirect information disclosure
https://notcve.org/view.php?id=CVE-2024-45408
An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. • https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45792 – MantisBT vulnerable to information disclosure with user profiles
https://notcve.org/view.php?id=CVE-2024-45792
Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41 https://mantisbt.org/bugs/view.php?id=34640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-35495
https://notcve.org/view.php?id=CVE-2024-35495
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. • https://github.com/Chapoly1305/tp-link-cve/blob/main/CVE-2024-35495.md • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 1CVE-2024-46635
https://notcve.org/view.php?id=CVE-2024-46635
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. • https://github.com/h1thub/CVE-2024-46635 https://hithub.notion.site/Sensitive-Information-Disclosure-in-GongZhiDao-System-aaad25d2430f4a638d462194cfa87c8b • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47344 – WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-47344
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5. The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.5 via the /pricing-plan/payment endpoint. • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-1-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •