CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41757 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-41757
24 Jan 2025 — IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173596 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24582 – WordPress 12 Step Meeting List plugin <= 3.16.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-24582
24 Jan 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Code for Recovery 12 Step Meeting List allows Retrieve Embedded Sensitive Data. ... The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5. • https://patchstack.com/database/wordpress/plugin/12-step-meeting-list/vulnerability/wordpress-12-step-meeting-list-plugin-3-16-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24705 – WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-24705
24 Jan 2025 — The WooCommerce Quick View plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.1. • https://patchstack.com/database/wordpress/plugin/woo-quick-view/vulnerability/wordpress-woocommerce-quick-view-plugin-1-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42718 – Sensitive data unnecessarily returned from authenticated API
https://notcve.org/view.php?id=CVE-2021-42718
23 Jan 2025 — Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to... • https://www.replicated.com/cve-2021-42718 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0612 – Debian Security Advisory 5848-1
https://notcve.org/view.php?id=CVE-2025-0612
22 Jan 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0611 – Debian Security Advisory 5848-1
https://notcve.org/view.php?id=CVE-2025-0611
22 Jan 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-23047 – Cilium vulnerable to information leakage via insecure default Hubble UI CORS header
https://notcve.org/view.php?id=CVE-2025-23047
22 Jan 2025 — An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart. • https://github.com/cilium/cilium/commit/a3489f190ba6e87b5336ee685fb6c80b1270d06d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49734
https://notcve.org/view.php?id=CVE-2024-49734
21 Jan 2025 — In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49733
https://notcve.org/view.php?id=CVE-2024-49733
21 Jan 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40108
https://notcve.org/view.php?id=CVE-2023-40108
21 Jan 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2025-01-01 •