CVSS: 7.8EPSS: 1%CPEs: -EXPL: 0CVE-2024-9362 – Directory Traversal in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9362
20 Mar 2025 — This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. • https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10267 – Information Disclosure in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-10267
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. • https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11449 – Server-Side Request Forgery in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-11449
20 Mar 2025 — This flaw can lead to unauthorized network access, sensitive data exposure, and further exploitation within the network. • https://huntr.com/bounties/e96aba28-d564-4ecb-ab77-350511d2e1ee • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13558 – NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-13558
19 Mar 2025 — The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. • https://plugins.trac.wordpress.org/changeset/3256816 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2476 – Debian Security Advisory 5882-1
https://notcve.org/view.php?id=CVE-2025-2476
19 Mar 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/McTavishSue/CVE-2025-2476 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-27080 – Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2025-27080
18 Mar 2025 — Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-25042 – Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
https://notcve.org/view.php?id=CVE-2025-25042
18 Mar 2025 — A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-25586
https://notcve.org/view.php?id=CVE-2025-25586
18 Mar 2025 — yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. • https://gitee.com/r1bbit/yimioa/issues/IBI7LR • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-2348 – IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
https://notcve.org/view.php?id=CVE-2025-2348
16 Mar 2025 — The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2157 – Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
https://notcve.org/view.php?id=CVE-2025-2157
15 Mar 2025 — This issue can lead to information disclosure and privilege escalation if exploited effectively. • https://access.redhat.com/security/cve/CVE-2025-2157 • CWE-922: Insecure Storage of Sensitive Information •