
CVE-2022-49137 – drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
https://notcve.org/view.php?id=CVE-2022-49137
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj. This issue takes place in an error path in amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into the default case, the function simply returns -EINVAL, forgetting to decrement the reference count of a dma_fence obj, which is bumped earlier by amdgpu_cs_get_fence(). • https://git.kernel.org/stable/c/72d77ddb2224ebc00648f4f78f8a9a259dccbdf7 •

CVE-2022-49086 – net: openvswitch: fix leak of nested actions
https://notcve.org/view.php?id=CVE-2022-49086
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions. While parsing user-provided actions, the openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while destroying the actions. ... For example, removal of the flow with the following actions will lead to a leak of the memory allocated by nf_ct_tmpl_alloc(): `actions:clone(ct(commit),0)` Non-freed set() actio... • https://git.kernel.org/stable/c/34ae932a40369be6bd6ea97d66b6686361b4370d •

CVE-2024-30150 – An unauthenticated privilege escalation vulnerability affects HCL MyCloud
https://notcve.org/view.php?id=CVE-2024-30150
25 Feb 2025 — HCL MyCloud is affected by Improper Access Control: an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks from unauthenticated users. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119368 • CWE-269: Improper Privilege Management •

CVE-2024-0148
https://notcve.org/view.php?id=CVE-2024-0148
25 Feb 2025 — A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5617 • CWE-447: Unimplemented or Unsupported Feature in UI •

CVE-2024-45426 – Zoom Workplace Apps - Incorrect Ownership Assignment
https://notcve.org/view.php?id=CVE-2024-45426
25 Feb 2025 — Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24038 • CWE-708: Incorrect Ownership Assignment •

CVE-2024-45425 – Zoom Workplace Apps - Incorrect User Management
https://notcve.org/view.php?id=CVE-2024-45425
25 Feb 2025 — Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24037 • CWE-286: Incorrect User Management •

CVE-2025-1521 – PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1521
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. •

CVE-2025-1522 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1522
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. •

CVE-2025-1606 – SourceCodester Best Employee Management System backups.php information disclosure
https://notcve.org/view.php?id=CVE-2025-1606
24 Feb 2025 — The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2024-13693 – Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
https://notcve.org/view.php?id=CVE-2024-13693
24 Feb 2025 — The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings, which may include sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. • https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990#item-description__changelog • CWE-284: Improper Access Control •