
CVE-2025-30214 – Frappe vulnerable to information disclosure leading to account takeover
https://notcve.org/view.php?id=CVE-2025-30214
25 Mar 2025 — Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. • https://github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-287: Improper Authentication •

CVE-2024-55604 – Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
https://notcve.org/view.php?id=CVE-2024-55604
25 Mar 2025 — Users invited as "App Viewer" should not have access to development information of a workspace. ... This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2025-2770 – BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2770
25 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. •

CVE-2025-2772 – BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2772
25 Mar 2025 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. •

CVE-2025-0256 – HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-0256
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-30609 – WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= 1.4.3 Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30609
24 Mar 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2023-43029 – IBM Storage Virtualize vSphere Remote Plug-in information disclosure
https://notcve.org/view.php?id=CVE-2023-43029
21 Mar 2025 — IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. • https://www.ibm.com/support/pages/node/7228722 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •

CVE-2024-8487 – CORS Vulnerability in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8487
20 Mar 2025 — This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. • https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067 • CWE-346: Origin Validation Error •

CVE-2024-12869 – Improper Authentication in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12869
20 Mar 2025 — This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. • https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a • CWE-287: Improper Authentication •

CVE-2024-9447 – Exposure of Sensitive Information in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9447
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. • https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd • CWE-1230: Exposure of Sensitive Information Through Metadata •