CVSS: 3.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. • https://www.ibm.com/support/pages/node/7231333 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7231332 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — The Woocommerce Automatic Order Printing | (Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other users' invoices and orders, which can contain sensitive information. • https://codecanyon.net/item/woocommerce-google-cloud-print/21129093 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API responses that contain unencrypted sensitive information belonging to other users. Successful exploitation of this vulnerability could allow a remote attacker to impersonate the target user and gain unauthorized access to the user account. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.8 • EPSS: 5% • CPEs: 1 • EXPL: 0

23 Apr 2025 — Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-250 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 2.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2025 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5644 • CWE-547: Use of Hard-coded, Security-relevant Constants •

CVSS: 9.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Apr 2025 — Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. This issue affects Rock Maker Web: f... • https://www.formulatrix.com/downloads/apps/repository/rockmaker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2. The AnalyticsWP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-plugin-2-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Apr 2025 — An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2025 — An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-in/000300068/dsa-2025-097-security-update-for-dell-objectscale-4-0-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •