Filtered by CWE-200
Total 8795 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44685 1 Southrivertech 1 Titan Sftp Server 2024-09-13 5 Medium
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI.
CVE-2024-20503 1 Cisco 1 Duo Authentication For Epic 2024-09-13 5.5 Medium
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.
CVE-2021-22529 1 Microfocus 1 Netiq Advanced Authentication 2024-09-13 6.3 Medium
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1
CVE-2024-37930 2 Theme-sphere, Themesphere 2 Smartmag, Smartmag 2024-09-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0.
CVE-2024-43259 2 Jem-products, Jem Plugins 2 Order Export For Woocommerce, Order Expert For Woocommerce 2024-09-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23.
CVE-2024-43258 1 Storelocatorplus 1 Store Locator Plus 2024-09-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
CVE-2024-43257 1 Nouthemes 1 Leopard 2024-09-12 6.5 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
CVE-2024-45391 1 Tina 1 Tina 2024-09-12 7.5 High
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
CVE-2024-45450 1 Huawei 2 Emui, Harmonyos 2024-09-12 4 Medium
Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45054 1 Hwameistor 1 Hwameistor 2024-09-12 2.8 Low
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role.
CVE-2024-8461 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-09-12 5.3 Medium
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-43264 1 Mediavine 1 Create 2024-09-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8.
CVE-2024-41733 1 Sap 3 Commerce, Commerce Cloud, Commerce Hycom 2024-09-12 5.3 Medium
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability
CVE-2024-41736 1 Sap 1 Permit To Work 2024-09-12 4.3 Medium
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
CVE-2024-8097 2024-09-12 4.2 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50.
CVE-2024-6835 1 Ivorysearch 1 Ivory Search 2024-09-11 5.3 Medium
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form
CVE-2024-27120 2 Celsius Benelux, Celsiusbenelux 2 Comfortkey, Comfortkey 2024-09-11 7.5 High
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.
CVE-2024-44408 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-09-10 7.5 High
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
CVE-2024-2541 2 Popup Builder, Sygnoos 2 Popup Builder, Popup Builder 2024-09-09 5.3 Medium
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.
CVE-2024-42019 1 Veeam 1 One 2024-09-09 N/A
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.