
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2024 — The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. • https://plugins.trac.wordpress.org/browser/opal-membership/trunk/inc/class-opalmembership-ajax.php#L128 • CWE-862: Missing Authorization •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2024 — This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 10.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

09 Aug 2024 — A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files. This issue affects Shared Files: from n/a through 1.7.28. The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.28 via the export functionality and lack of protected directory. This makes it possible for unauthenticated attackers to extract sensitive da... • https://patchstack.com/database/vulnerability/shared-files/wordpress-shared-files-premium-download-manager-secure-file-sharing-with-frontend-file-upload-plugin-1-7-28-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Aug 2024 — The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.7.2 via the get_issuer_data() function. • https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 9.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

08 Aug 2024 — A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. • https://nvidia.custhelp.com/app/answers/detail/a_id/5559 • CWE-284: Improper Access Control •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Aug 2024 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5557 • CWE-125: Out-of-bounds Read •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Aug 2024 — Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. ... An attacker can leverage this vulnerability to disclose information in the context of root. An attacker c... • https://www.zerodayinitiative.com/advisories/ZDI-24-1102 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Aug 2024 — Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć ... stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6. Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Bada... • https://cert.pl/en/posts/2024/08/CVE-2023-7265 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Aug 2024 — An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38206 • CWE-918: Server-Side Request Forgery (SSRF) •