
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

11 Feb 2025 — Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. • https://help.salesforce.com/s/articleView?id=000390611&type=1 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Feb 2025 — An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. • https://support.avaya.com/css/public/documents/101091836 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 2.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

11 Feb 2025 — An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows an attacker to cause information disclosure via filter manipulation. • https://fortiguard.fortinet.com/psirt/FG-IR-24-422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Feb 2025 — The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Feb 2025 — SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. • https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm • CWE-321: Use of Hard-coded Cryptographic Key

CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0

11 Feb 2025 — SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. ... In such a scenario, sensitive information could be exposed without compromising its integrity or availability. • https://me.sap.com/notes/3550027 • CWE-863: Incorrect Authorization

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

11 Feb 2025 — SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. • https://me.sap.com/notes/3561264 • CWE-204: Observable Response Discrepancy

CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0

11 Feb 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Feb 2025 — The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data. • https://plugins.trac.wordpress.org/browser/wp-ultimate-exporter/trunk/exportExtensions/ExportExtension.php#L1678 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

10 Feb 2025 — This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. ... The lack of authentication allows any user to upload and overwrite files, potentially causing the S3 bucket to run out of space, injecting malicious scripts, and accessing sensitive information. • https://huntr.com/bounties/1025793a-3c19-4148-a26e-80cd84d4822d • CWE-306: Missing Authentication for Critical Function