CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39439 – WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39439
17 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9. The wpLike2Get plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/wplike2get/vulnerability/wordpress-wplike2get-plugin-1-2-9-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-2073
https://notcve.org/view.php?id=CVE-2025-2073
16 Apr 2025 — Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure • https://issues.chromium.org/issues/b/380043638 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3620 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3620
16 Apr 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3619 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3619
16 Apr 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22314 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-22314
16 Apr 2025 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7229903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39553 – Church Admin <= 5.0.9 - Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-39553
16 Apr 2025 — The Church Admin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39556 – WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39556
16 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6. The Mediavine Control Panel plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.10.6. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/mediavine-control-panel/vulnerability/wordpress-mediavine-control-panel-plugin-2-10-6-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39589 – WordPress Essential Addons for Elementor <= 6.1.9 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-39589
16 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. The Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.9. This makes it poss... • https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-6-1-9-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30206 – Dpanel's hard-coded JWT secret leads to remote code execution
https://notcve.org/view.php?id=CVE-2025-30206
15 Apr 2025 — Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. • https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847 • CWE-321: Use of Hard-coded Cryptographic Key CWE-453: Insecure Default Variable Initialization CWE-547: Use of Hard-coded, Security-relevant Constants •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29817 – Microsoft Power Automate Desktop Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29817
15 Apr 2025 — Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29817 • CWE-427: Uncontrolled Search Path Element •