
CVE-2025-4271 – TOTOLINK A720R cstecgi.cgi information disclosure
https://notcve.org/view.php?id=CVE-2025-4271
05 May 2025 — The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. ... By manipulating the argument topicurl with the input showSyslog with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/showSyslog.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2025-4270 – TOTOLINK A720R Config cstecgi.cgi information disclosure
https://notcve.org/view.php?id=CVE-2025-4270
05 May 2025 — The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. ... Through manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/at0de/my_vulns/blob/main/TOTOLINK/A720R/getInitCfg.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2025-20665
https://notcve.org/view.php?id=CVE-2025-20665
05 May 2025 — In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2025 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •

CVE-2025-20670
https://notcve.org/view.php?id=CVE-2025-20670
05 May 2025 — This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2025 • CWE-295: Improper Certificate Validation •

CVE-2025-20667
https://notcve.org/view.php?id=CVE-2025-20667
05 May 2025 — In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2025 • CWE-326: Inadequate Encryption Strength •

CVE-2025-30087 – Debian Security Advisory 5909-1
https://notcve.org/view.php?id=CVE-2025-30087
05 May 2025 — Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://docs.bestpractical.com/release-notes/rt/4.4.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-31500 – Debian Security Advisory 5909-1
https://notcve.org/view.php?id=CVE-2025-31500
05 May 2025 — Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://docs.bestpractical.com/release-notes/rt/5.0.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-31501 – Debian Security Advisory 5909-1
https://notcve.org/view.php?id=CVE-2025-31501
05 May 2025 — Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://docs.bestpractical.com/release-notes/rt/5.0.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2545 – Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME
https://notcve.org/view.php?id=CVE-2025-2545
05 May 2025 — Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. • https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2025-46332 – Information Disclosure via Flags override link
https://notcve.org/view.php?id=CVE-2025-46332
02 May 2025 — This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. • https://vercel.com/changelog/information-disclosure-in-flags-sdk-cve-2025-46332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •