CVSS: 6.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-8460 – D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure
https://notcve.org/view.php?id=CVE-2024-8460
The manipulation of the argument getHD/getSer/getSys leads to information disclosure. ... Durch das Beeinflussen des Arguments getHD/getSer/getSys mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/1 https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 https://vuldb.com/?ctiid.276626 https://vuldb.com/?id.276626 https://vuldb.com/?submit.401297 https://www.dlink.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45107 – ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45107
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7713 – AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure
https://notcve.org/view.php?id=CVE-2024-7713
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.9 via the ays_chatgpt_admin_ajax AJAX action. • https://wpscan.com/vulnerability/061eab97-4a84-4738-a1e8-ef9a1261ff73 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45175 – C-MOR Video Surveillance 5.2401 / 6.00PL01 Information Disclosure / Cleartext Secret
https://notcve.org/view.php?id=CVE-2024-45175
Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. ... C-MOR Video Surveillance versions 5.2401 and 6.00PL01 stores sensitive information, such as credentials, in clear text. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-028.txt https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7415 – Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-7415
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/remember-me-controls/tags/2.0.1/tests/phpunit/bootstrap.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3146603%40remember-me-controls&new=3146603%40remember-me-controls&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/01707346-86c2-45c8-a2c9-81a147506fa4?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •