
CVE-2022-49461 – amt: fix memory leak for advertisement message
https://notcve.org/view.php?id=CVE-2022-49461
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: amt: fix memory leak for advertisement message When a gateway receives an advertisement message, it extracts relay information and then it should be freed. But the advertisement handler doesn't free it. So, memory leak would occur. • https://git.kernel.org/stable/c/cbc21dc1cfe949e37b2a54c71511579f1899e8d4 •

CVE-2022-49235 – ath9k_htc: fix uninit value bugs
https://notcve.org/view.php?id=CVE-2022-49235
26 Feb 2025 — Based on firmware code, it will initialize it by itself, so simply zero whole array to make KMSAN happy Fail logs: BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline] htc_connect_service+0x143... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •

CVE-2024-30150 – An unauthenticated privilege escalation vulnerability affects HCL MyCloud
https://notcve.org/view.php?id=CVE-2024-30150
25 Feb 2025 — HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service (DOS) attacks from unauthenticated users. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119368 • CWE-269: Improper Privilege Management •

CVE-2024-0148
https://notcve.org/view.php?id=CVE-2024-0148
25 Feb 2025 — A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5617 • CWE-447: Unimplemented or Unsupported Feature in UI •

CVE-2024-45426 – Zoom Workplace Apps - Incorrect Ownership Assignment
https://notcve.org/view.php?id=CVE-2024-45426
25 Feb 2025 — Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24038 • CWE-708: Incorrect Ownership Assignment •

CVE-2024-45425 – Zoom Workplace Apps - Incorrect User Management
https://notcve.org/view.php?id=CVE-2024-45425
25 Feb 2025 — Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24037 • CWE-286: Incorrect User Management •

CVE-2025-1521 – PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1521
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. •

CVE-2025-1522 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1522
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. ... An attacker can leverage this vulnerability to disclose information in the context of the service account. •

CVE-2025-1606 – SourceCodester Best Employee Management System backups.php information disclosure
https://notcve.org/view.php?id=CVE-2025-1606
24 Feb 2025 — The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2024-13693 – Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
https://notcve.org/view.php?id=CVE-2024-13693
24 Feb 2025 — This makes it possible for unauthenticated attackers to export all avia settings which may include sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. • https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990#item-description__changelog • CWE-284: Improper Access Control •