CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-36371 – IBM i Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36371
19 Nov 2025 — IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are affected by an information disclosure vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. • https://www.ibm.com/support/pages/node/7251699 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-63209
https://notcve.org/view.php?id=CVE-2025-63209
19 Nov 2025 — The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63209_ELCA%20Star%20Transmitter%20Remote%20Control%20-%20Information%20Disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52639 – HCL Connections is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-52639
18 Nov 2025 — HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124241 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13085 – SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure
https://notcve.org/view.php?id=CVE-2025-13085
18 Nov 2025 — The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. ... In affected WooCommerce installations, this exposes sensitive customer billing information including names, email addresses, phone numbers, physical addresses, and payment methods. • https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/admin.php#L106 • CWE-285: Improper Authorization •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33184
https://notcve.org/view.php?id=CVE-2025-33184
18 Nov 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33184 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33183
https://notcve.org/view.php?id=CVE-2025-33183
18 Nov 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33183 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-13083 – Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
https://notcve.org/view.php?id=CVE-2025-13083
18 Nov 2025 — Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. • https://www.drupal.org/sa-core-2025-008 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-12770 – New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling
https://notcve.org/view.php?id=CVE-2025-12770
18 Nov 2025 — The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to "0" o... • https://plugins.trac.wordpress.org/browser/new-user-approve/tags/3.0.9/includes/zapier/includes/rest-api.php#L104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-58122 – Insufficient permission validation when configuring notification parameters
https://notcve.org/view.php?id=CVE-2025-58122
18 Nov 2025 — Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure. • https://checkmk.com/werk/18982 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-63602
https://notcve.org/view.php?id=CVE-2025-63602
18 Nov 2025 — This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts. • https://dreadsec.co/p/cve-2025-63602-hijacking-system-calls-with-a-popular-crypto-miner.html • CWE-126: Buffer Over-read •
