CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0227 – Tsinghua Unigroup Electronic Archives System downLoad.html information disclosure
https://notcve.org/view.php?id=CVE-2025-0227
05 Jan 2025 — The manipulation of the argument path leads to information disclosure. ... Durch Manipulation des Arguments path mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/BxYQ/ld/blob/main/file_read1/poc.py • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0226 – Tsinghua Unigroup Electronic Archives System downLoad.html download information disclosure
https://notcve.org/view.php?id=CVE-2025-0226
05 Jan 2025 — The manipulation of the argument path leads to information disclosure. ... Durch die Manipulation des Arguments path mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/BxYQ/ld/blob/main/file_read2/poc.py • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 1CVE-2025-0224 – Provision-ISR SH-4050A-2 server.js information disclosure
https://notcve.org/view.php?id=CVE-2025-0224
05 Jan 2025 — The manipulation leads to information disclosure. ... Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provision-ISR-DVR-1626b683e67c803881befbc730a93bf6? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41763 – IBM Engineering Lifecycle Optimization - Publishing information disclosure
https://notcve.org/view.php?id=CVE-2024-41763
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7180204 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55897 – IBM PowerHA SystemMirror for i information disclosure
https://notcve.org/view.php?id=CVE-2024-55897
03 Jan 2025 — IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7180036 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56324 – GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins
https://notcve.org/view.php?id=CVE-2024-56324
03 Jan 2025 — Theoretically, the XXE vulnerability can result in additional attacks such as SSRF, information disclosure from the GoCD server, and directory traversal, although these additional attacks have not been explicitly demonstrated as exploitable. • https://github.com/gocd/gocd/commit/410331a97eb2935e04c1372f50658e05c533f733 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41780 – IBM Jazz Foundation information disclosure
https://notcve.org/view.php?id=CVE-2024-41780
03 Jan 2025 — IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry. • https://www.ibm.com/support/pages/node/7180119 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5591 – IBM Jazz Foundation information disclosure
https://notcve.org/view.php?id=CVE-2024-5591
03 Jan 2025 — IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7180120 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53839
https://notcve.org/view.php?id=CVE-2024-53839
03 Jan 2025 — This could lead to local information disclosure with baseband firmware compromise required. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53834
https://notcve.org/view.php?id=CVE-2024-53834
03 Jan 2025 — This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-125: Out-of-bounds Read •