CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24992 – Windows NTFS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24992
11 Mar 2025 — Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992 • CWE-126: Buffer Over-read •
CVSS: 4.9EPSS: 16%CPEs: 21EXPL: 0CVE-2025-24984 – Microsoft Windows NTFS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24984
11 Mar 2025 — Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24055 – Windows USB Video Class System Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24055
11 Mar 2025 — Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-2189 – Information Disclosure Vulnerability in Tinxy Smart Devices
https://notcve.org/view.php?id=CVE-2025-2189
11 Mar 2025 — This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. Esta vulnerabilidad existe en los dispositivos inteligentes Tinxy debido al almacenamiento de credenciales en texto plano dentro del firmware del dispositivo. Un atacante con acceso físico podría aprovechar est... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22340 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2024-22340
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. • https://www.ibm.com/support/pages/node/7185282 • CWE-208: Observable Timing Discrepancy •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41760 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2024-41760
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. • https://www.ibm.com/support/pages/node/7185282 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-27431 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
https://notcve.org/view.php?id=CVE-2025-27431
11 Mar 2025 — This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim�s browser. • https://me.sap.com/notes/3567246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23185 – Information Disclosure in SAP Business Objects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2025-23185
11 Mar 2025 — Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application. • https://me.sap.com/notes/3549494 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-0071 – Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
https://notcve.org/view.php?id=CVE-2025-0071
11 Mar 2025 — SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. • https://me.sap.com/notes/3558132 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26701
https://notcve.org/view.php?id=CVE-2025-26701
11 Mar 2025 — The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. • https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm • CWE-1393: Use of Default Password •