CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20466 – Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20466
21 Aug 2024 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. ... A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk • CWE-266: Incorrect Privilege Assignment CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-7885 – Undertow: improper state management in proxy protocol parsing causes information leakage
https://notcve.org/view.php?id=CVE-2024-7885
21 Aug 2024 — As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. ... This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. ... Issues addressed include an information leakage vulnerability. • https://access.redhat.com/security/cve/CVE-2024-7885 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34458
https://notcve.org/view.php?id=CVE-2024-34458
20 Aug 2024 — Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42006
https://notcve.org/view.php?id=CVE-2024-42006
20 Aug 2024 — Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7925 – ZZCMS eginfo.php information disclosure
https://notcve.org/view.php?id=CVE-2024-7925
19 Aug 2024 — The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. ... Dank Manipulation des Arguments phome mit der Eingabe ShowPHPInfo mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47728 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2023-47728
16 Aug 2024 — IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7161427 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43319 – WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43319
16 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31. The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.31 via the h5vp_export_data() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract potentially... • https://patchstack.com/database/vulnerability/html5-video-player/wordpress-html5-video-player-plugin-2-5-31-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43289 – WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43289
16 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4. The wpForo Forum plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.4. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-3-4-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7843 – SourceCodester Online Graduate Tracer System exportcs.php information disclosure
https://notcve.org/view.php?id=CVE-2024-7843
15 Aug 2024 — The manipulation leads to information disclosure. ... Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/Wsstiger/cve/blob/main/Tracer_info2.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34727
https://notcve.org/view.php?id=CVE-2024-34727
15 Aug 2024 — This could lead to remote information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6afad4b377b5bc3f38b28296e746b674173f99d8 •