CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-36161 – IBM Concert Software Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36161
20 Nov 2025 — IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7252019 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-61138
https://notcve.org/view.php?id=CVE-2025-61138
20 Nov 2025 — Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. • https://gist.github.com/Israel0x00/8a81ec98162e9ca8e4a3a6c8b4ef4762 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-36371 – IBM i Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36371
19 Nov 2025 — IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are affected by an information disclosure vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. • https://www.ibm.com/support/pages/node/7251699 • CWE-598: Use of GET Request Method With Sensitive Query Strings
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-63209
https://notcve.org/view.php?id=CVE-2025-63209
19 Nov 2025 — The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63209_ELCA%20Star%20Transmitter%20Remote%20Control%20-%20Information%20Disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52639 – HCL Connections is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-52639
18 Nov 2025 — HCL Connections is vulnerable to sensitive information disclosure, which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124241 • CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33184
https://notcve.org/view.php?id=CVE-2025-33184
18 Nov 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33184 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33183
https://notcve.org/view.php?id=CVE-2025-33183
18 Nov 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33183 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 3.7 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-13083 – Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
https://notcve.org/view.php?id=CVE-2025-13083
18 Nov 2025 — Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. • https://www.drupal.org/sa-core-2025-008 • CWE-525: Use of Web Browser Cache Containing Sensitive Information
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-12770 – New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling
https://notcve.org/view.php?id=CVE-2025-12770
18 Nov 2025 — The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to "0" on sites where ... • https://plugins.trac.wordpress.org/browser/new-user-approve/tags/3.0.9/includes/zapier/includes/rest-api.php#L104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-58122 – Insufficient permission validation when configuring notification parameters
https://notcve.org/view.php?id=CVE-2025-58122
18 Nov 2025 — Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure. • https://checkmk.com/werk/18982 • CWE-280: Improper Handling of Insufficient Permissions or Privileges
