CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2726 – H3C Magic BE18000 HTTP POST Request esps command injection
https://notcve.org/view.php?id=CVE-2025-2726
25 Mar 2025 — The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2725 – H3C Magic BE18000 HTTP POST Request auth command injection
https://notcve.org/view.php?id=CVE-2025-2725
25 Mar 2025 — The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.9EPSS: 1%CPEs: -EXPL: 0CVE-2025-2770 – BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2770
25 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. •
CVSS: 5.3EPSS: 1%CPEs: -EXPL: 0CVE-2025-2772 – BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2772
25 Mar 2025 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-0256 – HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-0256
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-30609 – WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30609
24 Mar 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2252 – Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure
https://notcve.org/view.php?id=CVE-2025-2252
24 Mar 2025 — The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. • https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.3.6.1/includes/ajax-functions.php#L459 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43029 – IBM Storage Virtualize vSphere Remote Plug-in information disclosure
https://notcve.org/view.php?id=CVE-2023-43029
21 Mar 2025 — IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. • https://www.ibm.com/support/pages/node/7228722 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8487 – CORS Vulnerability in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8487
20 Mar 2025 — This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. • https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12869 – Improper Authentication in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12869
20 Mar 2025 — This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. • https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a • CWE-287: Improper Authentication •