CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32131 – WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-32131
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. ... The Download Manager plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.2.82. • https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-82-file-password-lock-bypass-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5392
https://notcve.org/view.php?id=CVE-2023-5392
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. • https://process.honeywell.com • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20798 – Illustrator 2024 CDR File parsing Out of Bound Read Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-20798
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 28.3, 27.9.2 y anteriores de Illustrator se ven afectadas por una vulnerabilidad de lectura fuera de límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32086 – Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32086
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. ... The Citadela Directory plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.18.1. • https://patchstack.com/database/vulnerability/citadela-directory/wordpress-citadela-listing-plugin-5-18-1-unauthenticated-sensitive-data-users-posts-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0908 – Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0908
The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected. El complemento Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función apbPosts() conectada mediante una acción AJAX en todas las versiones hasta, y incluyendo, 1.13.1. Esto hace posible que atacantes no autenticados recuperen todos los datos de las publicaciones, incluidos aquellos que pueden estar protegidos con contraseña. The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. • https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173 https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve • CWE-862: Missing Authorization •