CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55604 – Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
https://notcve.org/view.php?id=CVE-2024-55604
25 Mar 2025 — This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 4.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-2770 – BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2770
25 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-2772 – BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2772
25 Mar 2025 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-0256 – HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-0256
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-30609 – WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30609
24 Mar 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3. • https://patchstack.com/database/wordpress/plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43029 – IBM Storage Virtualize vSphere Remote Plug-in information disclosure
https://notcve.org/view.php?id=CVE-2023-43029
21 Mar 2025 — IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. • https://www.ibm.com/support/pages/node/7228722 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8487 – CORS Vulnerability in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8487
20 Mar 2025 — This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. • https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12869 – Improper Authentication in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12869
20 Mar 2025 — This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. • https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9447 – Exposure of Sensitive Information in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9447
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. • https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10264 – HTTP Request Smuggling in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-10264
20 Mar 2025 — This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. • https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •