CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-12784 – Certain HP LaserJet Pro Printers – Potential Information Disclosure
https://notcve.org/view.php?id=CVE-2025-12784
13 Nov 2025 — Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. • https://support.hp.com/us-en/document/ish_13229161-13229183-16/hpsbpi04074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-64703 – MaxKB has Information Leak in sandbox
https://notcve.org/view.php?id=CVE-2025-64703
13 Nov 2025 — MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue. • https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-qwvm-x4xh-g2qq • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33119 – IBM QRadar SIEM Information Disclosure
https://notcve.org/view.php?id=CVE-2025-33119
12 Nov 2025 — IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. • https://www.ibm.com/support/pages/node/7250932 • CWE-260: Password in Configuration File •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27368 – IBM OpenPages Information Disclosure
https://notcve.org/view.php?id=CVE-2025-27368
12 Nov 2025 — IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. • https://www.ibm.com/support/pages/node/7250238 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13042 – Debian Security Advisory 6055-1
https://notcve.org/view.php?id=CVE-2025-13042
12 Nov 2025 — (Chromium security severity: High) A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_11.html •
CVSS: 8.4EPSS: 20%CPEs: 1EXPL: 0CVE-2025-11700 – N-central importServiceFromFile XXE Injection
https://notcve.org/view.php?id=CVE-2025-11700
12 Nov 2025 — N-central versions < 2025.4 are vulnerable to an XML External Entities injection leading to information disclosure • https://me.n-able.com/s/security-advisory/aArVy0000000rabKAA/cve202511700-ncentral-importservicefromfile-xxe-injection • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-56385
https://notcve.org/view.php?id=CVE-2025-56385
12 Nov 2025 — Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents. • http://harmony.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-63289
https://notcve.org/view.php?id=CVE-2025-63289
12 Nov 2025 — Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file • https://medium.com/@sudosu01/information-disclosure-hardcoded-encryption-keys-fc375abf68a3 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-30398 – Nuance PowerScribe 360 Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-30398
11 Nov 2025 — Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2025-62209 – Windows License Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-62209
11 Nov 2025 — Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209 • CWE-532: Insertion of Sensitive Information into Log File •