
CVE-2024-12365 – W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-12365
13 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200 • CWE-862: Missing Authorization •

CVE-2024-11396 – Event monster <= 1.4.3 - Information Exposure Via Visitors List Export
https://notcve.org/view.php?id=CVE-2024-11396
13 Jan 2025 — The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. ... WordPress Event Monster plugin versions 1.4.3 and below suffer from an information disclosure vulnerability. • https://packetstorm.news/files/id/188663 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVE-2025-0403 – 1902756969 reggie Phone Number Validation sendMsg information disclosure
https://notcve.org/view.php?id=CVE-2025-0403
13 Jan 2025 — The manipulation of the argument code leads to information disclosure. ... By manipulating the argument code with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/1902756969/reggie/issues/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2024-48883
https://notcve.org/view.php?id=CVE-2024-48883
13 Jan 2025 — The UE incorrectly handles a malformed uplink scheduling message, resulting in an information leak of the UE. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-922: Insecure Storage of Sensitive Information •

CVE-2024-42179 – HCL MyXalytics is affected by sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42179
12 Jan 2025 — HCL MyXalytics is affected by sensitive information disclosure vulnerability. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-51456 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2024-51456
12 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. • https://www.ibm.com/support/pages/node/7180685 • CWE-780: Use of RSA Algorithm without OAEP •

CVE-2024-52319 – mm: use aligned address in clear_gigantic_page()
https://notcve.org/view.php?id=CVE-2024-52319
11 Jan 2025 — So, this may cause memory corruption or information leak. Additionally, use more obvious naming 'addr_hint' instead of 'addr' for clear_gigantic_page(). • https://git.kernel.org/stable/c/78fefd04c123493bbf28434768fa577b2153c79b •

CVE-2024-51729 – mm: use aligned address in copy_user_gigantic_page()
https://notcve.org/view.php?id=CVE-2024-51729
11 Jan 2025 — So, this may cause memory corruption or information leak. Additionally, use more obvious naming 'addr_hint' instead of 'addr' for copy_user_gigantic_page(). • https://git.kernel.org/stable/c/530dd9926dc16220d2fae0997f45cda94f5f0864 •

CVE-2024-45301 – Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45301
10 Jan 2025 — This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of printed characters. Crafted sequences of escape characters can cause the product to fetch a resource from an arbitrary path. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current u... •

CVE-2025-21380 – Azure Marketplace SaaS Resources Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-21380
09 Jan 2025 — Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21380 • CWE-284: Improper Access Control •