CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2264 – Santesoft Sante PACS Server Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-2264
13 Mar 2025 — A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". • https://www.tenable.com/security/research/tra-2025-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23242 – NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2025-23242
11 Mar 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5625 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24992 – Windows NTFS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24992
11 Mar 2025 — Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992 • CWE-126: Buffer Over-read •
CVSS: 4.9EPSS: 19%CPEs: 21EXPL: 0CVE-2025-24984 – Microsoft Windows NTFS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24984
11 Mar 2025 — Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24055 – Windows USB Video Class System Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24055
11 Mar 2025 — Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-2189 – Information Disclosure Vulnerability in Tinxy Smart Devices
https://notcve.org/view.php?id=CVE-2025-2189
11 Mar 2025 — This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. Esta vulnerabilidad existe en los dispositivos inteligentes Tinxy debido al almacenamiento de credenciales en texto plano dentro del firmware del dispositivo. Un atacante con acceso físico podría aprovechar est... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0043 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22340 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2024-22340
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. • https://www.ibm.com/support/pages/node/7185282 • CWE-208: Observable Timing Discrepancy •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41760 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2024-41760
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. • https://www.ibm.com/support/pages/node/7185282 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-27431 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
https://notcve.org/view.php?id=CVE-2025-27431
11 Mar 2025 — This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim�s browser. • https://me.sap.com/notes/3567246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23185 – Information Disclosure in SAP Business Objects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2025-23185
11 Mar 2025 — Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. • https://me.sap.com/notes/3549494 • CWE-209: Generation of Error Message Containing Sensitive Information •