CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29488
https://notcve.org/view.php?id=CVE-2025-29488
27 Mar 2025 — libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. • https://github.com/goodmow/PoC/blob/main/libming/libming-fuzz5.readme • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29489
https://notcve.org/view.php?id=CVE-2025-29489
27 Mar 2025 — libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. • https://github.com/goodmow/PoC/blob/main/libming/libming-fuzz7.readme • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29497
https://notcve.org/view.php?id=CVE-2025-29497
27 Mar 2025 — libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. • https://github.com/goodmow/PoC/blob/main/libming/libming-fuzz15.readme • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2025-20227 – Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio
https://notcve.org/view.php?id=CVE-2025-20227
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure. • https://advisory.splunk.com/advisories/SVD-2025-0306 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-20231 – Sensitive Information Disclosure in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2025-20231
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information. • https://advisory.splunk.com/advisories/SVD-2025-0302 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30353 – Directus's webhook trigger flows can leak sensitive data
https://notcve.org/view.php?id=CVE-2025-30353
26 Mar 2025 — This includes environmental variables, sensitive API keys, user accountability information, and operational data. • https://github.com/directus/directus/security/advisories/GHSA-fm3h-p9wm-h74h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23203 – Icinga has rest API endpoints accessible to restricted users
https://notcve.org/view.php?id=CVE-2025-23203
26 Mar 2025 — And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. ... This results in further exploitation, data breaches and sensitive information disclosure. ... This could again result in further exploitation of this information and data breaches. • https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.10.3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-55965
https://notcve.org/view.php?id=CVE-2024-55965
26 Mar 2025 — Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-26001
https://notcve.org/view.php?id=CVE-2025-26001
26 Mar 2025 — Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. • https://github.com/Fan-24/Digging/blob/main/1/1.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-26009
https://notcve.org/view.php?id=CVE-2025-26009
26 Mar 2025 — Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. • https://github.com/Fan-24/Digging/blob/main/11/1.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •