CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11449 – Server-Side Request Forgery in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-11449
20 Mar 2025 — This flaw can lead to unauthorized network access, sensitive data exposure, and further exploitation within the network. • https://huntr.com/bounties/e96aba28-d564-4ecb-ab77-350511d2e1ee • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13558 – NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-13558
19 Mar 2025 — The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. • https://plugins.trac.wordpress.org/changeset/3256816 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2476 – Debian Security Advisory 5882-1
https://notcve.org/view.php?id=CVE-2025-2476
19 Mar 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/McTavishSue/CVE-2025-2476 • CWE-416: Use After Free •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-29925 – XWiki allows unregistered users to access private pages information through REST endpoint
https://notcve.org/view.php?id=CVE-2025-29925
19 Mar 2025 — XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the wiki, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, 16.10.0RC1. In those versions the endpo... • https://github.com/xwiki/xwiki-platform/commit/1fb12d2780f37b34a1b4dfdf8457d97ce5cbb2df • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-27080 – Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2025-27080
18 Mar 2025 — Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-25042 – Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
https://notcve.org/view.php?id=CVE-2025-25042
18 Mar 2025 — A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-25586
https://notcve.org/view.php?id=CVE-2025-25586
18 Mar 2025 — yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. • https://gitee.com/r1bbit/yimioa/issues/IBI7LR • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44276
https://notcve.org/view.php?id=CVE-2024-44276
17 Mar 2025 — This issue was addressed by using HTTPS when sending information over the network. ... A user in a privileged network position may be able to leak sensitive information. • https://support.apple.com/en-us/121837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-2348 – IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
https://notcve.org/view.php?id=CVE-2025-2348
16 Mar 2025 — The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2157 – Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
https://notcve.org/view.php?id=CVE-2025-2157
15 Mar 2025 — This issue can lead to information disclosure and privilege escalation if exploited effectively. • https://access.redhat.com/security/cve/CVE-2025-2157 • CWE-922: Insecure Storage of Sensitive Information •