CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-20231 – Sensitive Information Disclosure in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2025-20231
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authentica... • https://advisory.splunk.com/advisories/SVD-2025-0302 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23203 – Icinga has rest API endpoints accessible to restricted users
https://notcve.org/view.php?id=CVE-2025-23203
26 Mar 2025 — This results in further exploitation, data breaches and sensitive information disclosure. ... This could again result in further exploitation of this information and data breaches. • https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.10.3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-26001
https://notcve.org/view.php?id=CVE-2025-26001
26 Mar 2025 — Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. • https://github.com/Fan-24/Digging/blob/main/1/1.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-26009
https://notcve.org/view.php?id=CVE-2025-26009
26 Mar 2025 — Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. • https://github.com/Fan-24/Digging/blob/main/11/1.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-55965
https://notcve.org/view.php?id=CVE-2024-55965
26 Mar 2025 — This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6 • CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31896 – IBM SPSS Statistics information disclosure
https://notcve.org/view.php?id=CVE-2024-31896
25 Mar 2025 — IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7228971 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30214 – Frappe vulnerable to information disclosure leading to account takeover
https://notcve.org/view.php?id=CVE-2025-30214
25 Mar 2025 — Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. • https://github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55604 – Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
https://notcve.org/view.php?id=CVE-2024-55604
25 Mar 2025 — This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 4.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-2770 – BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2770
25 Mar 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-2772 – BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-2772
25 Mar 2025 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. •