CVE-2024-1520 – OS Command Injection in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1520
This could result in unauthorized access, data leakage, or complete system compromise. • https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934 https://huntr.com/bounties/405c2059-3fe9-4233-8eed-741ec847d181 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-3387 – PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3387
With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. • https://security.paloaltonetworks.com/CVE-2024-3387 • CWE-326: Inadequate Encryption Strength •
CVE-2024-31873 – IBM Security Verify Access Appliance information disclosure
https://notcve.org/view.php?id=CVE-2024-31873
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287317 https://www.ibm.com/support/pages/node/7147932 • CWE-798: Use of Hard-coded Credentials •
CVE-2023-6916 – Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
https://notcve.org/view.php?id=CVE-2023-6916
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. • https://security.nozominetworks.com/NN-2023:17-01 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-522: Insufficiently Protected Credentials •
CVE-2024-2731 – Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
https://notcve.org/view.php?id=CVE-2024-2731
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. • https://github.com/lockness-Ko/CVE-2024-27316 https://github.com/aeyesec/CVE-2024-27316_poc https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0 • CWE-284: Improper Access Control •