CVSS: 7.1EPSS: %CPEs: -EXPL: 0CVE-2025-1522 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1522
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1606 – SourceCodester Best Employee Management System backups.php information disclosure
https://notcve.org/view.php?id=CVE-2025-1606
24 Feb 2025 — The manipulation leads to information disclosure. ... Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13693 – Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
https://notcve.org/view.php?id=CVE-2024-13693
24 Feb 2025 — The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. El tema Enfold para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificación de capacid... • https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990#item-description__changelog • CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1CVE-2025-1595 – Anhui Xufan Information Technology EasyCVR getbaseconfig information disclosure
https://notcve.org/view.php?id=CVE-2025-1595
23 Feb 2025 — The manipulation leads to information disclosure. ... Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26911 – WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-26911
23 Feb 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18. The System Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or config... • https://patchstack.com/database/wordpress/plugin/system-dashboard/vulnerability/wordpress-system-dashboard-plugin-2-8-18-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22341 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-22341
22 Feb 2025 — IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. • https://www.ibm.com/support/pages/node/7183851 • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45674 – IBM Security Verify Bridge information disclosure
https://notcve.org/view.php?id=CVE-2024-45674
21 Feb 2025 — IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. • https://www.ibm.com/support/pages/node/7183801 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45673 – IBM Security Verify Bridge information disclosure
https://notcve.org/view.php?id=CVE-2024-45673
21 Feb 2025 — IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user. • https://www.ibm.com/support/pages/node/7183801 • CWE-260: Password in Configuration File •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-54961
https://notcve.org/view.php?id=CVE-2024-54961
20 Feb 2025 — Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. • https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54961 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1006 – Debian Security Advisory 5869-1
https://notcve.org/view.php?id=CVE-2025-1006
19 Feb 2025 — (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html • CWE-416: Use After Free •