
CVE-2025-1426 – Debian Security Advisory 5869-1
https://notcve.org/view.php?id=CVE-2025-1426
19 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-0999 – Debian Security Advisory 5869-1
https://notcve.org/view.php?id=CVE-2025-0999
19 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-20158 – Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-20158
19 Feb 2025 — A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnera... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-28780 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-28780
19 Feb 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7183597 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-52902 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-52902
19 Feb 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system. • https://www.ibm.com/support/pages/node/7183597 • CWE-798: Use of Hard-coded Credentials •

CVE-2025-0981 – Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field
https://notcve.org/view.php?id=CVE-2025-0981
18 Feb 2025 — It can also lead to information disclosure, as exposed session cookies can be used to impersonate users and gain unauthorised access to sensitive information. ... • https://github.com/ChurchCRM/CRM/issues/7245 • CWE-287: Improper Authentication •

CVE-2025-27013 – WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-27013
18 Feb 2025 — Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MediCenter - Health Medical Clinic WordPress Theme: from n/a through n/a. The MediCenter - Health Medical Clinic WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 14.6. This makes it possible for unauthenticated attac... • https://patchstack.com/database/wordpress/theme/medicenter/vulnerability/wordpress-medicenter-theme-14-7-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •

CVE-2025-1128 – Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
https://notcve.org/view.php?id=CVE-2025-1128
17 Feb 2025 — This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible. • https://github.com/wpeverest/everest-forms/commit/7d37858d2c614aa107b0f495fe50819a3867e7f5 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-5461 – Command or parameter injection via unique embedded switch SNMP commands.
https://notcve.org/view.php?id=CVE-2024-5461
15 Feb 2025 — Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. • https://packetstorm.news/files/id/190177 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. ... The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-420: Unprotected Alternate Channel •