CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2025-30483
https://notcve.org/view.php?id=CVE-2025-30483
15 Jul 2025 — Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000339124/dsa-2025-242-security-update-for-dell-ecs-and-dell-objectscale-insertion-of-sensitive-information-into-log-file-vulnerability • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-48795 – Apache CXF: Denial of Service and sensitive data exposure in logs
https://notcve.org/view.php?id=CVE-2025-48795
15 Jul 2025 — Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files... • https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: %CPEs: 1EXPL: 2CVE-2025-34110 – ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34110
15 Jul 2025 — A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP. • https://www.vulncheck.com/advisories/colorado-ftp-server-path-traversal-information-disclosure • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-306: Missing Authentication for Critical Function CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53623 – Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
https://notcve.org/view.php?id=CVE-2025-53623
14 Jul 2025 — This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise. • https://github.com/Shopify/job-iteration/commit/1a7adfdd041105a5e45e774cadc6b973a292ba55 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2025-7573 – LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
https://notcve.org/view.php?id=CVE-2025-7573
14 Jul 2025 — The manipulation leads to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. ... Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2025-7572 – LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
https://notcve.org/view.php?id=CVE-2025-7572
14 Jul 2025 — The manipulation leads to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: 23EXPL: 1CVE-2025-7565 – LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure
https://notcve.org/view.php?id=CVE-2025-7565
14 Jul 2025 — The manipulation of the argument Password leads to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. ... Mit der Manipulation des Arguments Password mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36104 – IBM Storage Scale information disclosure
https://notcve.org/view.php?id=CVE-2025-36104
12 Jul 2025 — IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol. • https://www.ibm.com/support/pages/node/7239562 • CWE-277: Insecure Inherited Permissions •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53862 – Aap: aap-gateway: automation-hub: sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-53862
11 Jul 2025 — This flaw allows a malicious user to access data that may contain important information. • https://access.redhat.com/security/cve/CVE-2025-53862 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2942 – Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure
https://notcve.org/view.php?id=CVE-2025-2942
11 Jul 2025 — The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information • https://wpscan.com/vulnerability/13a87567-2cf7-4bfb-8d63-a8e74950978f •