CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Dec 2025 — Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer. • https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571 • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 5.5 • EPSS: 0% • CPEs: - • EXPL: 0

18 Dec 2025 — An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation. • https://github.com/solonbarroso/vulnerability-research/blob/main/advisories/phpMsAdmin/CVE-2025-63948.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Dec 2025 — AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations. AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations. • https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 5.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Dec 2025 — Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to illegally operate the GOT2000 series or GOT1000 series by using the obtained credentials. • https://jvn.jp/vu/JVNVU99629801 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2025 — Successful exploitation could lead to information disclosure, code execution in the WordPress context, and potential remote code execution if combined with arbitrary file upload capabilities. • https://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/src/DisplayType/Controller.php#L369 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

16 Dec 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2025 — A specially crafted DICOM file can lead to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2025 — A specially crafted DICOM file can lead to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2025 — A specially crafted DICOM file can lead to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •