CVSS: 4.9EPSS: %CPEs: -EXPL: 0CVE-2025-2770 – BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2770
25 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. •
CVSS: 5.3EPSS: %CPEs: -EXPL: 0CVE-2025-2772 – BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2772
25 Mar 2025 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0256 – HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-0256
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30609 – WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30609
24 Mar 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. ... The APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3. • https://patchstack.com/database/wordpress/plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43029 – IBM Storage Virtualize vSphere Remote Plug-in information disclosure
https://notcve.org/view.php?id=CVE-2023-43029
21 Mar 2025 — IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. • https://www.ibm.com/support/pages/node/7228722 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8487 – CORS Vulnerability in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8487
20 Mar 2025 — This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. • https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12869 – Improper Authentication in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12869
20 Mar 2025 — This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. • https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9447 – Exposure of Sensitive Information in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9447
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. • https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10264 – HTTP Request Smuggling in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-10264
20 Mar 2025 — This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. • https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 1%CPEs: -EXPL: 0CVE-2024-9362 – Directory Traversal in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9362
20 Mar 2025 — This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. • https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •