CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20798 – Illustrator 2024 CDR File parsing Out of Bound Read Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-20798
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 28.3, 27.9.2 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de lectura fuera de límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32086 – Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32086
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en AitThemes Citadela Listing. Este problema afecta el listado de Citadela: desde n/a hasta 5.18.1. The Citadela Directory plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.18.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/citadela-directory/wordpress-citadela-listing-plugin-5-18-1-unauthenticated-sensitive-data-users-posts-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0908 – Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0908
The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected. El complemento Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función apbPosts() conectada mediante una acción AJAX en todas las versiones hasta, y incluyendo, 1.13.1. Esto hace posible que atacantes no autenticados recuperen todos los datos de las publicaciones, incluidos aquellos que pueden estar protegidos con contraseña. The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. • https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173 https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-1520 – OS Command Injection in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1520
This could result in unauthorized access, data leakage, or complete system compromise. • https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934 https://huntr.com/bounties/405c2059-3fe9-4233-8eed-741ec847d181 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3387 – PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3387
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. • https://security.paloaltonetworks.com/CVE-2024-3387 • CWE-326: Inadequate Encryption Strength •