CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3654 – Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint
https://notcve.org/view.php?id=CVE-2025-3654
03 Jan 2026 — Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. • https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-information-disclosure-via-api-endpoint • CWE-612: Improper Authorization of Index Containing Sensitive Information •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3652 – Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint
https://notcve.org/view.php?id=CVE-2025-3652
03 Jan 2026 — Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. • https://www.vulncheck.com/advisories/petlibro-smart-pet-feeder-platform-through-audio-information-disclosure-via-api-endpoint • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-34171 – CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure
https://notcve.org/view.php?id=CVE-2025-34171
02 Jan 2026 — CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. ... Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. ... This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host. • https://casaos.zimaspace.com • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-69203 – Signal K Server Vulnerable to Access Request Spoofing
https://notcve.org/view.php?id=CVE-2025-69203
01 Jan 2026 — Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against administrators. ... Since device/source names can be enumerated via the information disclosure vulnerability, an attacker can impersonate a legitimate device or source, craft a convincing description, spoof a trusted internal IP address, and request elevated permission... • https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-68273 – Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
https://notcve.org/view.php?id=CVE-2025-68273
01 Jan 2026 — An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. • https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-49340 – WordPress Direct Payments WP plugin <= 1.3.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-49340
31 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0. • https://vdp.patchstack.com/database/wordpress/plugin/direct-payments-wp/vulnerability/wordpress-direct-payments-wp-plugin-1-3-0-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-62083 – WordPress BoomDevs WordPress Coming Soon plugin plugin <= 1.0.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-62083
31 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon Plugin: from n/a through 1.0.4. • https://vdp.patchstack.com/database/wordpress/plugin/coming-soon-by-boomdevs/vulnerability/wordpress-boomdevs-wordpress-coming-soon-plugin-plugin-1-0-4-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-62143 – WordPress Post Video Players plugin <= 1.163 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-62143
31 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163. • https://vdp.patchstack.com/database/wordpress/plugin/video-playlist-and-gallery-plugin/vulnerability/wordpress-post-video-players-plugin-1-163-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-62114 – WordPress Download Media Library plugin <= 0.2.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-62114
31 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcelo Torres Download Media Library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through 0.2.1. • https://vdp.patchstack.com/database/wordpress/plugin/download-media-library/vulnerability/wordpress-download-media-library-plugin-0-2-1-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-62126 – WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-62126
31 Dec 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3. • https://vdp.patchstack.com/database/wordpress/plugin/vcaching/vulnerability/wordpress-varnish-nginx-proxy-caching-plugin-1-8-3-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •