
CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Nov 2025 — In Apache CloudStack, a gap in access control checks affected the APIs createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory and listVolumesUsageHistory. While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope. Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue. • https://lists.apache.org/thread/0hlklvlwhzsfw39nocmyxb6svjbs9xbc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2025 — Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information. • https://jvn.jp/vu/JVNVU95288056 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Nov 2025 — In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabi... • https://advisory.splunk.com/advisories/SVD-2025-1105 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

26 Nov 2025 — Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation. • https://gist.github.com/whoisrushi/c3bfcd1adf96d80952edbd03d0310836 • CWE-284: Improper Access Control •

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2025 — This issue may lead to sensitive information disclosure and, in some environments, enable further lateral movement. • https://unform.com/download/uf101_readme.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2025 — A successful exploit of this vulnerability may lead to information disclosure and denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33203 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Nov 2025 — A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 2.3 • EPSS: 0% • CPEs: - • EXPL: 0

25 Nov 2025 — A successful exploit of this vulnerability might lead to information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33200 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •

CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0

25 Nov 2025 — A successful exploit of this vulnerability might lead to information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33198 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •

CVSS: 4.4 • EPSS: 0% • CPEs: - • EXPL: 0

25 Nov 2025 — A successful exploit of this vulnerability might lead to information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33196 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •