CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45425 – Zoom Workplace Apps - Incorrect User Management
https://notcve.org/view.php?id=CVE-2024-45425
25 Feb 2025 — Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24037 • CWE-286: Incorrect User Management •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-1521 – PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1521
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-1522 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-1522
25 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. ... An attacker can leverage this vulnerability to disclose information in the context of the service account. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1606 – SourceCodester Best Employee Management System backups.php information disclosure
https://notcve.org/view.php?id=CVE-2025-1606
24 Feb 2025 — The manipulation leads to information disclosure. ... Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13693 – Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php
https://notcve.org/view.php?id=CVE-2024-13693
24 Feb 2025 — This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. • https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990#item-description__changelog • CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1CVE-2025-1595 – Anhui Xufan Information Technology EasyCVR getbaseconfig information disclosure
https://notcve.org/view.php?id=CVE-2025-1595
23 Feb 2025 — A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. ... The manipulation leads to information disclosure. ... In Anhui Xufan Information Technology EasyCVR bis 2.7.0 wurde eine problematische Schwachstelle gefunden. ... Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26911 – WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-26911
23 Feb 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. ... The System Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.18. • https://patchstack.com/database/wordpress/plugin/system-dashboard/vulnerability/wordpress-system-dashboard-plugin-2-8-18-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22341 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-22341
22 Feb 2025 — IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. • https://www.ibm.com/support/pages/node/7183851 • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45674 – IBM Security Verify Bridge information disclosure
https://notcve.org/view.php?id=CVE-2024-45674
21 Feb 2025 — IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. • https://www.ibm.com/support/pages/node/7183801 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45673 – IBM Security Verify Bridge information disclosure
https://notcve.org/view.php?id=CVE-2024-45673
21 Feb 2025 — IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user. • https://www.ibm.com/support/pages/node/7183801 • CWE-260: Password in Configuration File •