CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22151 – Strawberry GraphQL has a type resolution vulnerability
https://notcve.org/view.php?id=CVE-2025-22151
09 Jan 2025 — This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. • https://github.com/strawberry-graphql/strawberry/commit/526eb82b70451c0e59d5a71ae9b7396f59974bd8 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13241 – Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
https://notcve.org/view.php?id=CVE-2024-13241
09 Jan 2025 — Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. • https://www.drupal.org/sa-contrib-2024-005 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43176 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-43176
09 Jan 2025 — IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. • https://www.ibm.com/support/pages/node/7174640 • CWE-276: Incorrect Default Permissions CWE-282: Improper Ownership Management •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 3CVE-2024-12542 – linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2024-12542
08 Jan 2025 — WordPress linkID plugin versions 0.1.2 and below suffers from a missing authorization vulnerability that results in information disclosure. • https://packetstorm.news/files/id/188668 • CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0291 – Debian Security Advisory 5840-1
https://notcve.org/view.php?id=CVE-2025-0291
08 Jan 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-55656 – RedisBloom Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-55656
08 Jan 2025 — Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. • https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-x5rx-rmq3-ff3h • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40679 – IBM Db2 information disclosure
https://notcve.org/view.php?id=CVE-2024-40679
08 Jan 2025 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. • https://www.ibm.com/support/pages/node/7175957 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22363 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2022-22363
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7179163 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20455 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2021-20455
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7179163 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28778 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-28778
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. • https://www.ibm.com/support/pages/node/7179163 • CWE-798: Use of Hard-coded Credentials •