CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9447 – Exposure of Sensitive Information in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9447
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. • https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10264 – HTTP Request Smuggling in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-10264
20 Mar 2025 — This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. • https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 1%CPEs: -EXPL: 0CVE-2024-9362 – Directory Traversal in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9362
20 Mar 2025 — This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. • https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10267 – Information Disclosure in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-10267
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. • https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10274 – Improper Authorization in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-10274
20 Mar 2025 — The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the disclosure of sensitive information such as names, roles, or emails to users without sufficient privileges, resulting in privacy violations and potential reconnaissance for targeted attacks. • https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11449 – Server-Side Request Forgery in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-11449
20 Mar 2025 — This flaw can lead to unauthorized network access, sensitive data exposure, and further exploitation within the network. • https://huntr.com/bounties/e96aba28-d564-4ecb-ab77-350511d2e1ee • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13558 – NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-13558
19 Mar 2025 — The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. • https://plugins.trac.wordpress.org/changeset/3256816 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2476 – Debian Security Advisory 5882-1
https://notcve.org/view.php?id=CVE-2025-2476
19 Mar 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/McTavishSue/CVE-2025-2476 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-27080 – Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2025-27080
18 Mar 2025 — Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-25042 – Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
https://notcve.org/view.php?id=CVE-2025-25042
18 Mar 2025 — A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •