CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-2348 – IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
https://notcve.org/view.php?id=CVE-2025-2348
16 Mar 2025 — The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2025-2322 – 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
https://notcve.org/view.php?id=CVE-2025-2322
15 Mar 2025 — This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.299751 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2157 – Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
https://notcve.org/view.php?id=CVE-2025-2157
15 Mar 2025 — This issue can lead to information disclosure and privilege escalation if exploited effectively. • https://access.redhat.com/security/cve/CVE-2025-2157 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2025 – Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function
https://notcve.org/view.php?id=CVE-2025-2025
14 Mar 2025 — This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports. • https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/reports/reports.php#L304 • CWE-862: Missing Authorization •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45638 – IBM QRadar EDR information disclosure
https://notcve.org/view.php?id=CVE-2024-45638
14 Mar 2025 — IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7185938 • CWE-256: Plaintext Storage of a Password •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45643 – IBM QRadar EDR information disclosure
https://notcve.org/view.php?id=CVE-2024-45643
14 Mar 2025 — IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. • https://www.ibm.com/support/pages/node/7185938 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2264 – Santesoft Sante PACS Server Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-2264
13 Mar 2025 — A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". • https://www.tenable.com/security/research/tra-2025-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13407 – Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure
https://notcve.org/view.php?id=CVE-2024-13407
13 Mar 2025 — The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. • https://plugins.trac.wordpress.org/changeset/3254484/omnipress/trunk/includes/Blocks/BlockTypes/Megamenu.php • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-2002
https://notcve.org/view.php?id=CVE-2025-2002
12 Mar 2025 — CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-01.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-2239 – Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
https://notcve.org/view.php?id=CVE-2025-2239
12 Mar 2025 — Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23. • https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd • CWE-209: Generation of Error Message Containing Sensitive Information •