CVSS: 5.1 • EPSS: % • CPEs: 1 • EXPL: 0

31 May 2025 — django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. • https://github.com/django-helpdesk/django-helpdesk/issues/591 • CWE-277: Insecure Inherited Permissions

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

30 May 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0. • https://patchstack.com/database/wordpress/plugin/woocommerce-orders-customers-exporter/vulnerability/wordpress-woocommerce-orders-customers-exporter-5-0-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2025 — In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. • https://github.com/cvat-ai/cvat/commit/7136c99fb2c3a5cb2d8c3ca54b4201b9fa6aab5a • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2025 — Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. ... Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. ... An attacker could possibly use this issue to leak sensitive information. • https://ubuntu.com/security/CVE-2025-5054 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. • https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. • https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848 • CWE-1023: Incomplete Comparison with Missing Factors • CWE-1288: Improper Validation of Consistency within Input

CVSS: 9.4 • EPSS: 0% • CPEs: 72 • EXPL: 0

29 May 2025 — Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. • https://jvn.jp/vu/JVNVU94070048 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

CVSS: 5.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2025 — This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations. Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly acces... • https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2025 — This could lead to the unintended disclosure of draft content or sensitive information. • https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8 • CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2025 — IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7234888 • CWE-328: Use of Weak Hash