CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41738 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-41738
01 Nov 2024 — IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. • https://www.ibm.com/support/pages/node/7174572 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0106
https://notcve.org/view.php?id=CVE-2024-0106
01 Nov 2024 — A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5562 • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 8.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0105
https://notcve.org/view.php?id=CVE-2024-0105
01 Nov 2024 — A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5562 • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-48352
https://notcve.org/view.php?id=CVE-2024-48352
01 Nov 2024 — Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. • http://yealink.com • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33603
https://notcve.org/view.php?id=CVE-2024-33603
30 Oct 2024 — The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33626
https://notcve.org/view.php?id=CVE-2024-33626
30 Oct 2024 — The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the device's WiFi network. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1986 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50528 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-50528
30 Oct 2024 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.3. • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10488 – Debian Security Advisory 5802-1
https://notcve.org/view.php?id=CVE-2024-10488
29 Oct 2024 — (Gravedad de seguridad de Chromium: Alta) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10487 – Debian Security Advisory 5802-1
https://notcve.org/view.php?id=CVE-2024-10487
29 Oct 2024 — (Gravedad de seguridad de Chromium: crítica) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6674 – Data Leak through CORS Misconfiguration in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6674
29 Oct 2024 — A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. ... The issue impacts the confidentiality and integrity of the information. • https://github.com/parisneo/lollms-webui/commit/c1bb1ad19752aa7541675b398495eaf98fd589f1 • CWE-346: Origin Validation Error •