CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11449 – Server-Side Request Forgery in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-11449
20 Mar 2025 — This flaw can lead to unauthorized network access, sensitive data exposure, and further exploitation within the network. • https://huntr.com/bounties/e96aba28-d564-4ecb-ab77-350511d2e1ee • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13558 – NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-13558
19 Mar 2025 — The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. • https://plugins.trac.wordpress.org/changeset/3256816 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2476 – Debian Security Advisory 5882-1
https://notcve.org/view.php?id=CVE-2025-2476
19 Mar 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/McTavishSue/CVE-2025-2476 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-27080 – Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2025-27080
18 Mar 2025 — Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-25042 – Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
https://notcve.org/view.php?id=CVE-2025-25042
18 Mar 2025 — A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-25586
https://notcve.org/view.php?id=CVE-2025-25586
18 Mar 2025 — yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. • https://gitee.com/r1bbit/yimioa/issues/IBI7LR • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2352 – StarSea99 starsea-mall Backend save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2352
16 Mar 2025 — This is why information about affected and unaffected releases are unavailable. ... The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/Jingyi-u/starsea-mall/tree/main • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-2348 – IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
https://notcve.org/view.php?id=CVE-2025-2348
16 Mar 2025 — The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2025-2322 – 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
https://notcve.org/view.php?id=CVE-2025-2322
15 Mar 2025 — This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.299751 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2157 – Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
https://notcve.org/view.php?id=CVE-2025-2157
15 Mar 2025 — This issue can lead to information disclosure and privilege escalation if exploited effectively. • https://access.redhat.com/security/cve/CVE-2025-2157 • CWE-922: Insecure Storage of Sensitive Information •