CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5392
https://notcve.org/view.php?id=CVE-2023-5392
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. • https://process.honeywell.com • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20798 – Illustrator 2024 CDR File parsing Out of Bound Read Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-20798
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 28.3, 27.9.2 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de lectura fuera de límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32086 – Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32086
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/citadela-directory/wordpress-citadela-listing-plugin-5-18-1-unauthenticated-sensitive-data-users-posts-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0908 – Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0908
The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected. ... The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected. • https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173 https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-1520 – OS Command Injection in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1520
This could result in unauthorized access, data leakage, or complete system compromise. • https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934 https://huntr.com/bounties/405c2059-3fe9-4233-8eed-741ec847d181 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •