CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-0256 – HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-0256
24 Mar 2025 — HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30609 – WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30609
24 Mar 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. ... The APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3. • https://patchstack.com/database/wordpress/plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43029 – IBM Storage Virtualize vSphere Remote Plug-in information disclosure
https://notcve.org/view.php?id=CVE-2023-43029
21 Mar 2025 — IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. • https://www.ibm.com/support/pages/node/7228722 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8487 – CORS Vulnerability in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8487
20 Mar 2025 — This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. • https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12869 – Improper Authentication in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12869
20 Mar 2025 — This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues. • https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9447 – Exposure of Sensitive Information in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9447
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. • https://huntr.com/bounties/c952ea32-3047-42d3-8a3e-e67899e35dfd • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10264 – HTTP Request Smuggling in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-10264
20 Mar 2025 — This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. • https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 1%CPEs: -EXPL: 0CVE-2024-9362 – Directory Traversal in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9362
20 Mar 2025 — This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. • https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10267 – Information Disclosure in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-10267
20 Mar 2025 — An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. • https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10274 – Improper Authorization in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-10274
20 Mar 2025 — The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the disclosure of sensitive information such as names, roles, or emails to users without sufficient privileges, resulting in privacy violations and potential reconnaissance for targeted attacks. • https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc • CWE-285: Improper Authorization •