CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2025-6800 – Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6800
27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. •
CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2025-6803 – Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6803
27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. •
CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2025-6804 – Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6804
27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. •
CVSS: 5.3EPSS: %CPEs: -EXPL: 0CVE-2025-6807 – Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6807
27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36034 – IBM InfoSphere DataStage Flow Designer information disclosure
https://notcve.org/view.php?id=CVE-2025-36034
26 Jun 2025 — IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. • https://www.ibm.com/support/pages/node/7237604 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3722
https://notcve.org/view.php?id=CVE-2025-3722
26 Jun 2025 — A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure. • https://thrive.trellix.com/s/article/000014635 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6678 – Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6678
25 Jun 2025 — Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. • https://www.zerodayinitiative.com/advisories/ZDI-25-342 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-41647 – Lenze: Plaintext Password Disclosure in PLC Designer V4 Interface
https://notcve.org/view.php?id=CVE-2025-41647
25 Jun 2025 — A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. • https://certvde.com/en/advisories/VDE-2025-043 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 690EXPL: 1CVE-2024-51984 – Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.
https://notcve.org/view.php?id=CVE-2024-51984
25 Jun 2025 — An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 666EXPL: 1CVE-2024-51983 – Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.
https://notcve.org/view.php?id=CVE-2024-51983
25 Jun 2025 — An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-1286: Improper Validation of Syntactic Correctness of Input •