CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45426 – Zoom Workplace Apps - Incorrect Ownership Assignment
https://notcve.org/view.php?id=CVE-2024-45426
25 Feb 2025 — Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24038 • CWE-708: Incorrect Ownership Assignment •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45425 – Zoom Workplace Apps - Incorrect User Management
https://notcve.org/view.php?id=CVE-2024-45425
25 Feb 2025 — Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24037 • CWE-286: Incorrect User Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45424 – Zoom Workplace Apps - Business Logic Error
https://notcve.org/view.php?id=CVE-2024-45424
25 Feb 2025 — Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24036 • CWE-840: Business Logic Errors •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-1521 – PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1521
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-1522 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1522
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. ... An attacker can leverage this vulnerability to disclose information in the context of the service account. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1606 – SourceCodester Best Employee Management System backups.php information disclosure
https://notcve.org/view.php?id=CVE-2025-1606
24 Feb 2025 — The manipulation leads to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. ... Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13693 – Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
https://notcve.org/view.php?id=CVE-2024-13693
24 Feb 2025 — This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. • https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990#item-description__changelog • CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1CVE-2025-1595 – Anhui Xufan Information Technology EasyCVR getbaseconfig information disclosure
https://notcve.org/view.php?id=CVE-2025-1595
23 Feb 2025 — A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. ... The manipulation leads to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. In Anhui Xufan Information Technology EasyCVR bis 2.7.0 wurde eine problematische Schwachstelle gefunden. ... Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle au... • https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26911 – WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-26911
23 Feb 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. ... The System Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.18. • https://patchstack.com/database/wordpress/plugin/system-dashboard/vulnerability/wordpress-system-dashboard-plugin-2-8-18-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22341 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-22341
22 Feb 2025 — IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. • https://www.ibm.com/support/pages/node/7183851 • CWE-269: Improper Privilege Management •