Total
9146 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33003 | 1 Sap | 1 Commerce Cloud | 2024-09-16 | 7.4 High |
| Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application. | ||||
| CVE-2024-1744 | 2 Accordors, Ariva Computer | 2 Accord Ors, Accord Ors | 2024-09-13 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1. | ||||
| CVE-2024-44685 | 1 Southrivertech | 1 Titan Sftp Server | 2024-09-13 | 5 Medium |
| Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. | ||||
| CVE-2024-20503 | 1 Cisco | 1 Duo Authentication For Epic | 2024-09-13 | 5.5 Medium |
| A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext. | ||||
| CVE-2021-22529 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 6.3 Medium |
| A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1 | ||||
| CVE-2024-37930 | 2 Theme-sphere, Themesphere | 2 Smartmag, Smartmag | 2024-09-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0. | ||||
| CVE-2024-43259 | 2 Jem-products, Jem Plugins | 2 Order Export For Woocommerce, Order Expert For Woocommerce | 2024-09-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23. | ||||
| CVE-2024-43258 | 1 Storelocatorplus | 1 Store Locator Plus | 2024-09-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01. | ||||
| CVE-2024-43257 | 1 Nouthemes | 1 Leopard | 2024-09-12 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. | ||||
| CVE-2024-45391 | 1 Tina | 1 Tina | 2024-09-12 | 7.5 High |
| Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. | ||||
| CVE-2024-45450 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | 4 Medium |
| Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-45054 | 1 Hwameistor | 1 Hwameistor | 2024-09-12 | 2.8 Low |
| Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role. | ||||
| CVE-2024-8461 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2024-09-12 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-43264 | 1 Mediavine | 1 Create | 2024-09-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8. | ||||
| CVE-2024-45624 | 1 Pgpool | 1 Pgpool-ii | 2024-09-12 | 7.5 High |
| Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved. | ||||
| CVE-2024-41733 | 1 Sap | 3 Commerce, Commerce Cloud, Commerce Hycom | 2024-09-12 | 5.3 Medium |
| In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability | ||||
| CVE-2024-41736 | 1 Sap | 1 Permit To Work | 2024-09-12 | 4.3 Medium |
| Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | ||||
| CVE-2024-8097 | 2024-09-12 | 4.2 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50. | ||||
| CVE-2024-6835 | 1 Ivorysearch | 1 Ivory Search | 2024-09-11 | 5.3 Medium |
| The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form | ||||
| CVE-2024-44408 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-09-10 | 7.5 High |
| D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. | ||||