CVSS: 7.5 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-64302 – Advantech DeviceOn/iEdge Cross-site Scripting
https://notcve.org/view.php?id=CVE-2025-64302
06 Nov 2025 — Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation. • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 8.8 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2022-50591 – Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure
https://notcve.org/view.php?id=CVE-2022-50591
06 Nov 2025 — Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords. • https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_config_id-parameter-sql-injection-information-disclosure-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-306: Missing Authentication for Critical Function
CVSS: 9.3 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2022-50592 – Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE
https://notcve.org/view.php?id=CVE-2022-50592
06 Nov 2025 — Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. • https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-306: Missing Authentication for Critical Function
CVSS: 8.8 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2022-50594 – Advantech iView < v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure
https://notcve.org/view.php?id=CVE-2022-50594
06 Nov 2025 — Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords. • https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-306: Missing Authentication for Critical Function
CVSS: 7.5 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-60188 – WordPress Atarim plugin <= 4.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-60188
06 Nov 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2. • https://vdp.patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-sensitive-data-exposure-vulnerability-2 • CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS: 5.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-31954 – HCL iAutomate is susceptible to a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-31954
05 Nov 2025 — HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0125011 • CWE-598: Use of GET Request Method With Sensitive Query Strings
CVSS: 4.3 • EPSS: 0% • CPEs: 43 • EXPL: 0 • CVE-2025-20377 – Cisco Unified Intelligence Center API Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-20377
05 Nov 2025 — A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should b... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52602 – HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application
https://notcve.org/view.php?id=CVE-2025-52602
05 Nov 2025 — HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-31133 – runc container escape via "masked path" abuse due to mount race conditions
https://notcve.org/view.php?id=CVE-2025-31133
05 Nov 2025 — This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. • https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522 • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-363: Race Condition Enabling Link Following
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-12192 – The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2025-12192
04 Nov 2025 — The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. • https://plugins.trac.wordpress.org/changeset/3386042/the-events-calendar • CWE-697: Incorrect Comparison
