CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-24869 – Information Disclosure vulnerability in SAP NetWeaver Application Server Java
https://notcve.org/view.php?id=CVE-2025-24869
11 Feb 2025 — SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. ... In such a scenario, sensitive information could be exposed without compromising its integrity or availability. • https://me.sap.com/notes/3550027 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-23193 – Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP
https://notcve.org/view.php?id=CVE-2025-23193
11 Feb 2025 — SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. • https://me.sap.com/notes/3561264 • CWE-204: Observable Response Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12315 – Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory
https://notcve.org/view.php?id=CVE-2024-12315
11 Feb 2025 — The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data. • https://plugins.trac.wordpress.org/browser/wp-ultimate-exporter/trunk/exportExtensions/ExportExtension.php#L1678 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2022-35202
https://notcve.org/view.php?id=CVE-2022-35202
11 Feb 2025 — A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystore is protected with a low-complexity, auto-generated password. • https://www.shelltrail.com/research/how-auto-generated-passwords-in-sitevision-leads-to-signing-key-leakage-cve-2022-35202 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0900 – PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0900
11 Feb 2025 — PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. • https://www.zerodayinitiative.com/advisories/ZDI-25-086 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-10649 – Unauthenticated File Upload in wandb/openui
https://notcve.org/view.php?id=CVE-2024-10649
10 Feb 2025 — This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. ... The lack of authentication allows any user to upload and overwrite files, potentially causing the S3 bucket to run out of space, injecting malicious scripts, and accessing sensitive information. • https://huntr.com/bounties/1025793a-3c19-4148-a26e-80cd84d4822d • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1099 – Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera
https://notcve.org/view.php?id=CVE-2025-1099
10 Feb 2025 — The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for comprehensive surveillance. This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device. This vulnerability exists in Tapo C500 Wi-Fi... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-57177
https://notcve.org/view.php?id=CVE-2024-57177
10 Feb 2025 — By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information Existe una vulnerabilidad de inyección de encabezado de host en el paquete NPM de perfood/couch-auth <= 0.21.2. • https://github.com/perfood/couch-auth • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-46437
https://notcve.org/view.php?id=CVE-2024-46437
10 Feb 2025 — A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks. • https://reddassolutions.com/blog/tenda_w18e_security_research • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-1115 – RT-Thread lwp_syscall.c sys_timer_settime information disclosure
https://notcve.org/view.php?id=CVE-2025-1115
08 Feb 2025 — The manipulation of the argument arg[0] leads to information disclosure. ... The manipulation of the argument arg[0] leads to information disclosure. ... Dank Manipulation des Arguments arg[0] mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/RT-Thread/rt-thread/issues/9877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •