CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-27934
https://notcve.org/view.php?id=CVE-2025-27934
09 Apr 2025 — Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. • https://jvn.jp/en/vu/JVNVU93925742 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3442 – Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
https://notcve.org/view.php?id=CVE-2025-3442
09 Apr 2025 — This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-30678 – Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30678
09 Apr 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modTMSM webapp widget. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose sensitive data, leading to further compro... •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-30679 – Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30679
09 Apr 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modOSCE webapp widget. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose sensitive data, leading to further compro... •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-30680 – Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30680
09 Apr 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Query method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-3480 – MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-3480
09 Apr 2025 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-29819 – Windows Admin Center in Azure Portal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29819
08 Apr 2025 — External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29805 – Outlook for Android Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29805
08 Apr 2025 — Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29805 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29808 – Windows Cryptographic Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29808
08 Apr 2025 — Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808 • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2025-27738 – Windows Resilient File System (ReFS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-27738
08 Apr 2025 — Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738 • CWE-284: Improper Access Control •