CVE-2024-7418 – The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure
https://notcve.org/view.php?id=CVE-2024-7418
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..). • https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-22529 – Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22529
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-45241
https://notcve.org/view.php?id=CVE-2024-45241
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. • https://github.com/d4lyw/CVE-2024-45241 https://github.com/verylazytech/CVE-2024-45241 https://www.centralsquare.com/solutions/public-safety-software/public-safety-agency-operations/crywolf-false-alarm-management-solution https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-39745 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39745
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7166195 https://exchange.xforce.ibmcloud.com/vulnerabilities/297312 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-39746 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39746
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7166018 https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 • CWE-311: Missing Encryption of Sensitive Data •