CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-25586
https://notcve.org/view.php?id=CVE-2025-25586
18 Mar 2025 — yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. • https://gitee.com/r1bbit/yimioa/issues/IBI7LR • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2352 – StarSea99 starsea-mall Backend save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2352
16 Mar 2025 — This is why information about affected and unaffected releases are unavailable. ... The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/Jingyi-u/starsea-mall/tree/main • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-2348 – IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
https://notcve.org/view.php?id=CVE-2025-2348
16 Mar 2025 — The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2025-2322 – 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
https://notcve.org/view.php?id=CVE-2025-2322
15 Mar 2025 — This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.299751 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2157 – Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
https://notcve.org/view.php?id=CVE-2025-2157
15 Mar 2025 — This issue can lead to information disclosure and privilege escalation if exploited effectively. • https://access.redhat.com/security/cve/CVE-2025-2157 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2025 – Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function
https://notcve.org/view.php?id=CVE-2025-2025
14 Mar 2025 — This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports. • https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/reports/reports.php#L304 • CWE-862: Missing Authorization •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45638 – IBM QRadar EDR information disclosure
https://notcve.org/view.php?id=CVE-2024-45638
14 Mar 2025 — IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7185938 • CWE-256: Plaintext Storage of a Password •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45643 – IBM QRadar EDR information disclosure
https://notcve.org/view.php?id=CVE-2024-45643
14 Mar 2025 — IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. • https://www.ibm.com/support/pages/node/7185938 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2264 – Santesoft Sante PACS Server Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-2264
13 Mar 2025 — A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". • https://www.tenable.com/security/research/tra-2025-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13407 – Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure
https://notcve.org/view.php?id=CVE-2024-13407
13 Mar 2025 — The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. • https://plugins.trac.wordpress.org/changeset/3254484/omnipress/trunk/includes/Blocks/BlockTypes/Megamenu.php • CWE-639: Authorization Bypass Through User-Controlled Key •