Filtered by CWE-200
Filtered by vendor Subscriptions
Total 8850 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43259 2 Jem-products, Jem Plugins 2 Order Export For Woocommerce, Order Expert For Woocommerce 2024-09-13 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23.
CVE-2024-43258 1 Storelocatorplus 1 Store Locator Plus 2024-09-13 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
CVE-2024-43257 1 Nouthemes 1 Leopard 2024-09-13 6.5 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
CVE-2024-45391 1 Tina 1 Tina 2024-09-12 7.5 High
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
CVE-2024-45450 1 Huawei 2 Emui, Harmonyos 2024-09-12 4 Medium
Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45054 1 Hwameistor 1 Hwameistor 2024-09-12 2.8 Low
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role.
CVE-2024-8461 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-09-12 5.3 Medium
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-43264 1 Mediavine 1 Create 2024-09-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8.
CVE-2024-45624 1 Pgpool 1 Pgpool-ii 2024-09-12 7.5 High
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
CVE-2024-41733 1 Sap 3 Commerce, Commerce Cloud, Commerce Hycom 2024-09-12 5.3 Medium
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability
CVE-2024-41736 1 Sap 1 Permit To Work 2024-09-12 4.3 Medium
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
CVE-2024-8097 2024-09-12 4.2 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50.
CVE-2024-6835 1 Ivorysearch 1 Ivory Search 2024-09-11 5.3 Medium
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form
CVE-2024-27120 2 Celsius Benelux, Celsiusbenelux 2 Comfortkey, Comfortkey 2024-09-11 7.5 High
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.
CVE-2024-44408 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-09-10 7.5 High
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
CVE-2024-2541 2 Popup Builder, Sygnoos 2 Popup Builder, Popup Builder 2024-09-09 5.3 Medium
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.
CVE-2024-42019 1 Veeam 1 One 2024-09-09 N/A
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
CVE-2024-38650 1 Veeam 1 Service Provider Console 2024-09-09 N/A
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
CVE-2024-7697 2 Tecno, Transsion 2 Com.transsion.carlcare, Carlcare 2024-09-06 7.5 High
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
CVE-2024-8460 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-09-06 3.7 Low
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.