CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53862 – Aap: aap-gateway: automation-hub: sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-53862
11 Jul 2025 — A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information. • https://access.redhat.com/security/cve/CVE-2025-53862 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53509 – Advantech iView Argument Injection
https://notcve.org/view.php?id=CVE-2025-53509
10 Jul 2025 — This can result in information disclosure, including sensitive database credentials. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52459 – Advantech iView Argument Injection
https://notcve.org/view.php?id=CVE-2025-52459
10 Jul 2025 — This can result in information disclosure, including sensitive database credentials. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48891 – Advantech iView SQL Injection
https://notcve.org/view.php?id=CVE-2025-48891
10 Jul 2025 — This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condition. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-41442 – Advantech iView Cross-site Scripting
https://notcve.org/view.php?id=CVE-2025-41442
10 Jul 2025 — By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53519 – Advantech iView Cross-site Scripting
https://notcve.org/view.php?id=CVE-2025-53519
10 Jul 2025 — By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53397 – Advantech iView Cross-site Scripting
https://notcve.org/view.php?id=CVE-2025-53397
10 Jul 2025 — By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46788 – Zoom Workplace for Linux - Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2025-46788
10 Jul 2025 — Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. • https://https://www.zoom.com/en/trust/security-bulletin/zsb-25023 • CWE-295: Improper Certificate Validation •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38327 – IBM Analytics Content Hub information disclosure
https://notcve.org/view.php?id=CVE-2024-38327
10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. • https://www.ibm.com/support/pages/node/7234122 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36090 – IBM Analytics Content Hub information disclosure
https://notcve.org/view.php?id=CVE-2025-36090
10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. • https://www.ibm.com/support/pages/node/7234122 • CWE-209: Generation of Error Message Containing Sensitive Information •