CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43214 – WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability
https://notcve.org/view.php?id=CVE-2024-43214
Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2. The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.7.2 via the get_issuer_data() function. This makes it possible for unauthenticated attackers to see the open badge email. • https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0104
https://notcve.org/view.php?id=CVE-2024-0104
A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5559 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-0107
https://notcve.org/view.php?id=CVE-2024-0107
A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5557 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7602 – Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7602
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-24-1102 https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7267 – Internal infrastructure data leak in EZD RP
https://notcve.org/view.php?id=CVE-2024-7267
Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6 Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6 • https://cert.pl/en/posts/2024/08/CVE-2023-7265 https://cert.pl/posts/2024/08/CVE-2023-7265 https://www.gov.pl/web/ezd-rp • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •