CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-12476
https://notcve.org/view.php?id=CVE-2024-12476
17 Jan 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-50967
https://notcve.org/view.php?id=CVE-2024-50967
17 Jan 2025 — An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. • https://github.com/0xByteHunter/CVE-2024-50967 • CWE-862: Missing Authorization •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-37181
https://notcve.org/view.php?id=CVE-2024-37181
16 Jan 2025 — Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01219.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0518 – Unchecked sscanf return value which leads to memory data leak
https://notcve.org/view.php?id=CVE-2025-0518
16 Jan 2025 — Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman • https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23774 – WordPress WPDB to Sql plugin <= 1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-23774
16 Jan 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. ... The WPDB to Sql plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2. • https://patchstack.com/database/wordpress/plugin/wpdb-to-sql/vulnerability/wordpress-wpdb-to-sql-plugin-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23781 – WordPress WM Options Import Export plugin <= 1.0.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-23781
16 Jan 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. ... The WM Options Import Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1. • https://patchstack.com/database/wordpress/plugin/wm-options-import-export/vulnerability/wordpress-wm-options-import-export-plugin-1-0-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-57682
https://notcve.org/view.php?id=CVE-2024-57682
16 Jan 2025 — An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/d_status.md • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23486 – WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-23486
16 Jan 2025 — The Database Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.5.1. • https://patchstack.com/database/wordpress/plugin/database-sync/vulnerability/wordpress-database-sync-plugin-0-5-1-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0481 – D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure
https://notcve.org/view.php?id=CVE-2025-0481
15 Jan 2025 — The manipulation leads to information disclosure. ... Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0448 – Debian Security Advisory 5844-1
https://notcve.org/view.php?id=CVE-2025-0448
15 Jan 2025 — (Gravedad de seguridad de Chromium: baja) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html •