CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0981 – Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field
https://notcve.org/view.php?id=CVE-2025-0981
18 Feb 2025 — It can also lead to information disclosure, as exposed session cookies can be used to impersonate users and gain unauthorised access to sensitive information. It can also lead to information disclosure, as exposed session cookies can be used to impersonate users and gain unauthorised access to sensitive information. It can also lead to information disclosure, as exposed session cookies can be used to impersonate users and gain unauthorised access to se... • https://github.com/ChurchCRM/CRM/issues/7245 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27013 – WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-27013
18 Feb 2025 — Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MediCenter - Health Medical Clinic WordPress Theme: from n/a through n/a. The MediCenter - Health Medical Clinic WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 14.6. This makes it possible for unauthenticated attac... • https://patchstack.com/database/wordpress/theme/medicenter/vulnerability/wordpress-medicenter-theme-14-7-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1128 – Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
https://notcve.org/view.php?id=CVE-2025-1128
17 Feb 2025 — This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible. • https://github.com/wpeverest/everest-forms/commit/7d37858d2c614aa107b0f495fe50819a3867e7f5 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1354
https://notcve.org/view.php?id=CVE-2025-1354
16 Feb 2025 — The vendor was contacted early about this disclosure but did not respond in any way. ... This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. • https://vuldb.com/?ctiid.295962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5461 – Command or parameter injection via unique embedded switch SNMP commands.
https://notcve.org/view.php?id=CVE-2024-5461
15 Feb 2025 — Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. • https://packetstorm.news/files/id/190177 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. ... The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-420: Unprotected Alternate Channel •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2022-26083
https://notcve.org/view.php?id=CVE-2022-26083
14 Feb 2025 — Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html • CWE-1204: Generation of Weak Initialization Vector (IV) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12651 – Sensitive Data Exposure in PTT Inc.'
https://notcve.org/view.php?id=CVE-2024-12651
14 Feb 2025 — Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0. • https://www.usom.gov.tr/bildirim/tr-25-0034 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26758 – WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-26758
14 Feb 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. ... The Spotlight Social Feeds – Block, Shortcode, and Widget plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1. • https://patchstack.com/database/wordpress/plugin/spotlight-social-photo-feeds/vulnerability/wordpress-spotlight-social-feeds-plugin-1-7-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0995 – Debian Security Advisory 5866-1
https://notcve.org/view.php?id=CVE-2025-0995
14 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html • CWE-416: Use After Free •