CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43230 – WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43230
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28. The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.28 via the export functionality and lack of protected directory. This makes it possible for unauthenticated attackers to extract sensitive data information from export files generated by the plugin. • https://patchstack.com/database/vulnerability/shared-files/wordpress-shared-files-premium-download-manager-secure-file-sharing-with-frontend-file-upload-plugin-1-7-28-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43214 – WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability
https://notcve.org/view.php?id=CVE-2024-43214
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.7.2 via the get_issuer_data() function. • https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37283 – Elastic Agent Insertion of Sensitive Information into Log File
https://notcve.org/view.php?id=CVE-2024-37283
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs. • https://discuss.elastic.co/t/elastic-agent-8-15-0-security-update-esa-2024-23/364635 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-42493 – Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor
https://notcve.org/view.php?id=CVE-2024-42493
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login. • https://portal.dtscada.com/#/security-bulletins?bulletin=1 https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0104
https://notcve.org/view.php?id=CVE-2024-0104
A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5559 • CWE-284: Improper Access Control •