CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39593 – [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management
https://notcve.org/view.php?id=CVE-2024-39593
SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities. SAP Landscape Management permite a un usuario autenticado leer datos confidenciales revelados por la respuesta de Provider Definition REST. La explotación exitosa puede causar un gran impacto en la confidencialidad de las entidades gestionadas. • https://me.sap.com/notes/3466801 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-5549 – Data leak through CORS misconfiguration in stitionai/devika
https://notcve.org/view.php?id=CVE-2024-5549
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. • https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd • CWE-346: Origin Validation Error •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-38970
https://notcve.org/view.php?id=CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. • https://gist.github.com/fltys/b2c430bca85c97211010bdc602437978 https://github.com/tingyuu/vaeThink •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37924 – WordPress WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin <= 1.0.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37924
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1. The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/wp2speed/wordpress-wp2speed-faster-optimize-pagespeed-insights-score-90-100-plugin-1-0-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37935 – WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37935
This makes it possible for unauthenticated attackers to view sensitive information. • https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •