CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2024-12550 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12550
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54279 – WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-54279
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. The WP-NERD Toolkit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/wp-nerd-toolkit/vulnerability/wordpress-wp-nerd-toolkit-plugin-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54309 – WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-54309
Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through 1.0.4. The WP Email Log – PostBox plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pbeml_get_log_data() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export and retrieve log data. • https://patchstack.com/database/wordpress/plugin/postbox-email-logs/vulnerability/wordpress-postbox-plugin-1-0-4-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53246 – Sensitive Information Disclosure through SPL commands
https://notcve.org/view.php?id=CVE-2024-53246
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation. • https://advisory.splunk.com/advisories/SVD-2024-1204 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53243 – Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway
https://notcve.org/view.php?id=CVE-2024-53243
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. • https://advisory.splunk.com/advisories/SVD-2024-1201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •