CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2025-41239 – vSockets information-disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-41239
15 Jul 2025 — VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSoc... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2025-30483
https://notcve.org/view.php?id=CVE-2025-30483
15 Jul 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000339124/dsa-2025-242-security-update-for-dell-ecs-and-dell-objectscale-insertion-of-sensitive-information-into-log-file-vulnerability • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2025-48795 – Apache CXF: Denial of Service and sensitive data exposure in logs
https://notcve.org/view.php?id=CVE-2025-48795
15 Jul 2025 — Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files... • https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: %CPEs: 1EXPL: 2CVE-2025-34110 – ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34110
15 Jul 2025 — A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP. • https://www.vulncheck.com/advisories/colorado-ftp-server-path-traversal-information-disclosure • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-306: Missing Authentication for Critical Function CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.0EPSS: %CPEs: -EXPL: 0CVE-2025-53025 – Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-53025
15 Jul 2025 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 6.0EPSS: %CPEs: -EXPL: 0CVE-2025-53026 – Oracle VirtualBox LSILogic Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-53026
15 Jul 2025 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53623 – Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
https://notcve.org/view.php?id=CVE-2025-53623
14 Jul 2025 — This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise. • https://github.com/Shopify/job-iteration/commit/1a7adfdd041105a5e45e774cadc6b973a292ba55 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2025-7573 – LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
https://notcve.org/view.php?id=CVE-2025-7573
14 Jul 2025 — The manipulation leads to information disclosure. ... Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2025-7572 – LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
https://notcve.org/view.php?id=CVE-2025-7572
14 Jul 2025 — The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 23EXPL: 1CVE-2025-7565 – LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure
https://notcve.org/view.php?id=CVE-2025-7565
14 Jul 2025 — The manipulation of the argument Password leads to information disclosure. ... Mit der Manipulation des Arguments Password mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •