CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2024-14007 – TVT NVMS-9000 < 1.3.4 Unauthenticated Administrative Queries & Information Disclosure
https://notcve.org/view.php?id=CVE-2024-14007
24 Nov 2025 — Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated remote attacker can invoke privileged administrative query commands without valid credentials. Successful exploitation discloses sensitive information including administrator usernames and passwords in cleartext,... • https://ssd-disclosure.com/ssd-advisory-nvms9000-information-disclosure • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13389 – Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13389
24 Nov 2025 — The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()` function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers to view sensitive WooCommerce order details and private conversation messages between customers and store administrators for any order by supplying an arbitrary order ID. • https://plugins.trac.wordpress.org/browser/admin-and-client-message-after-order-for-woocommerce/tags/14/includes/wprest.class.php#L142 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13596 – Improper Error Handling Leading to Sensitive Information Disclosure in CIGES ≤ 2.15.6
https://notcve.org/view.php?id=CVE-2025-13596
24 Nov 2025 — A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. • https://www.atisoluciones.com/incidentes-cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-11368 – LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure
https://notcve.org/view.php?id=CVE-2025-11368
20 Nov 2025 — The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. • https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/rest-api/v1/frontend/class-lp-rest-ajax-controller.php#L23 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-36371 – IBM i Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36371
19 Nov 2025 — IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are affected by an information disclosure vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. • https://www.ibm.com/support/pages/node/7251699 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-63209
https://notcve.org/view.php?id=CVE-2025-63209
19 Nov 2025 — The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63209_ELCA%20Star%20Transmitter%20Remote%20Control%20-%20Information%20Disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52639 – HCL Connections is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-52639
18 Nov 2025 — HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124241 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33184
https://notcve.org/view.php?id=CVE-2025-33184
18 Nov 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33184 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33183
https://notcve.org/view.php?id=CVE-2025-33183
18 Nov 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33183 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.7 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-13083 – Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
https://notcve.org/view.php?id=CVE-2025-13083
18 Nov 2025 — Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. • https://www.drupal.org/sa-core-2025-008 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
