CVSS: 10.0 • EPSS: % • CPEs: 1 • EXPL: 0

03 Dec 2025 — A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33208 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

03 Dec 2025 — This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser. • https://access.redhat.com/security/cve/CVE-2025-13947

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2025 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2280 • CWE-125: Out-of-bounds Read

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2025 — Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user. • https://www.incibe.es/en/incibe-cert/notices/aviso/disclosure-sensitive-information-horde-groupware • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. • https://www.usom.gov.tr/bildirim/tr-25-0423 • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2025 — In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2025 • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Dec 2025 — Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks information about valid usernames and their associated email addresses through distinct server responses. • https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0 • CWE-204: Observable Response Discrepancy

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Dec 2025 — Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. • https://github.com/getgrav/grav/commit/b7e1958a6e807ac14919447b60e5204a2ea77f62 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Dec 2025 — The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. ... This makes it possible for unauthenticated attackers to extract sensitive form submission data including personal information, payment details, and other private data via the rocket_front_payment_seesummary action by enumerating sequential form_r_id values. • https://github.com/Softdiscover/Zigaform-WP-Cost-Estimator-Lite/commit/f129d8dd1fb3ab0535c7eb18d52fc49141ab36c8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Dec 2025 — A specially crafted HTTP request can lead to a disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2115 • CWE-319: Cleartext Transmission of Sensitive Information