
CVE-2025-8226 – yanyutao0402 ChanCMS find information disclosure
https://notcve.org/view.php?id=CVE-2025-8226
27 Jul 2025 — The manipulation of the argument accessKey/secretKey leads to information disclosure. ... Mit der Manipulation des Arguments accessKey/secretKey mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.317814 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •

CVE-2025-5120 – Sandbox Escape Vulnerability in huggingface/smolagents
https://notcve.org/view.php?id=CVE-2025-5120
27 Jul 2025 — This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. • https://huntr.com/bounties/63ab1cfe-b573-4cf5-a7d3-fb6c957e34b0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-8205 – Comodo Dragon IP DNS Leakage Detector cleartext transmission
https://notcve.org/view.php?id=CVE-2025-8205
26 Jul 2025 — The manipulation leads to cleartext transmission of sensitive information. ... The vendor was contacted early about this disclosure but did not respond in any way. ... Mittels Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.317774 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2025-3508 – Certain HP DesignJet products – Information disclosure
https://notcve.org/view.php?id=CVE-2025-3508
25 Jul 2025 — Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. Certain HP DesignJet products may be vulnerable to information disclosure though printer's web... • https://support.hp.com/us-en/document/ish_12798086-12798125-16/hpsbpi04039 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2020-36850 – Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure
https://notcve.org/view.php?id=CVE-2020-36850
25 Jul 2025 — An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user. An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 -... • https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0750906 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-30086
https://notcve.org/view.php?id=CVE-2025-30086
25 Jul 2025 — CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. ... An attacker with administrator access could exploit this to leak highly sensitive information stored in the Harbor database. • https://github.com/goharbor/harbor/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-31955 – HCL iAutomate is affected by a sensitive data exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-31955
24 Jul 2025 — HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. HCL iAutomate is affected by a sensitive data exposure vulnerability. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-33013 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-33013
24 Jul 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release. • https://www.ibm.com/support/pages/node/7240431 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •

CVE-2025-36005 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-36005
24 Jul 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation. • https://www.ibm.com/support/pages/node/7240431 • CWE-295: Improper Certificate Validation •

CVE-2025-2634 – Out of Bounds Read Vulnerability in NI LabVIEW when building font map
https://notcve.org/view.php?id=CVE-2025-2634
23 Jul 2025 — Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •