CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

14 Jan 2025 — A specially crafted HTTP request can lead to a disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2017 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

14 Jan 2025 — An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2035 • CWE-306: Missing Authentication for Critical Function

CVSS: 3.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

14 Jan 2025 — An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries. • https://fortiguard.fortinet.com/psirt/FG-IR-24-465 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.9 • EPSS: 0% • CPEs: - • EXPL: 0

14 Jan 2025 — Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. • https://me.sap.com/notes/3550708 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Jan 2025 — SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. • https://me.sap.com/notes/3474398 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 6.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

14 Jan 2025 — Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3503138 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

14 Jan 2025 — In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable. • https://me.sap.com/notes/3542698 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.0 • EPSS: 0% • CPEs: - • EXPL: 0

14 Jan 2025 — SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3502459 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 6.0 • EPSS: 0% • CPEs: - • EXPL: 0

14 Jan 2025 — SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3472837 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jan 2025 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. • https://me.sap.com/notes/3536461 • CWE-209: Generation of Error Message Containing Sensitive Information