
CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 3

14 Nov 2025 — Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values. • https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Nov 2025 — This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls. • https://access.redhat.com/security/cve/CVE-2025-13033 • CWE-436: Interpretation Conflict •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2025 — A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. • https://security.paloaltonetworks.com/CVE-2025-4618 • CWE-316: Cleartext Storage of Sensitive Information in Memory •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

14 Nov 2025 — Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an unauthenticated HTTP GET request to /obs/database/obs_db.sql. • http://simple.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Nov 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure. • https://www.dell.com/support/kbdoc/en-us/000379467/dsa-2025-392 • CWE-114: Process Control •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

13 Nov 2025 — Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. • https://support.hp.com/us-en/document/ish_13229161-13229183-16/hpsbpi04074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

13 Nov 2025 — Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. • https://support.hp.com/us-en/document/ish_13229161-13229183-16/hpsbpi04074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Nov 2025 — MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can obtain sensitive information through Python code in the tool module, even though the process runs in a sandbox. Version 2.3.1 fixes the issue. • https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-qwvm-x4xh-g2qq • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0 • EPSS: 0% • CPEs: - • EXPL: 0

13 Nov 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2. • https://vdp.patchstack.com/database/Wordpress/Plugin/woocommerce-ultimate-points-and-rewards/vulnerability/wordpress-woocommerce-ultimate-points-and-rewards-plugin-2-10-2-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Nov 2025 — IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. • https://www.ibm.com/support/pages/node/7250932 • CWE-260: Password in Configuration File •