CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25301 – Rembg allows SSRF via /api/remove
https://notcve.org/view.php?id=CVE-2025-25301
03 Mar 2025 — This issue may lead to Information Disclosure. • https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41771 – IBM Engineering Requirements Management DOORS Next information disclosure
https://notcve.org/view.php?id=CVE-2024-41771
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. • https://www.ibm.com/support/pages/node/7184663 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41770 – IBM Engineering Requirements Management DOORS Next information disclosure
https://notcve.org/view.php?id=CVE-2024-41770
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. • https://www.ibm.com/support/pages/node/7184663 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-53011 – Permissions, Privileges, and Access Controls in Video Analytics and Processing
https://notcve.org/view.php?id=CVE-2024-53011
03 Mar 2025 — Information disclosure may occur due to improper permission and access controls to Video Analytics engine. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-43051 – Improper Authorization in SPS-HLOS
https://notcve.org/view.php?id=CVE-2024-43051
03 Mar 2025 — Information disclosure while deriving keys for a session for any Widevine use case. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-38426 – Improper Authentication in Modem
https://notcve.org/view.php?id=CVE-2024-38426
03 Mar 2025 — While processing the authentication message in UE, improper authentication may lead to information disclosure. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-20653
https://notcve.org/view.php?id=CVE-2025-20653
03 Mar 2025 — This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2025-20652
https://notcve.org/view.php?id=CVE-2025-20652
03 Mar 2025 — This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-20651
https://notcve.org/view.php?id=CVE-2025-20651
03 Mar 2025 — This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-20649
https://notcve.org/view.php?id=CVE-2025-20649
03 Mar 2025 — In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •