CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-32699 – Potential javascript injection attack enabled by Unicode normalization in Action API
https://notcve.org/view.php?id=CVE-2025-32699
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T387130 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-32698 – LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions
https://notcve.org/view.php?id=CVE-2025-32698
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T385958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32697 – Cascading protection is not preventing file reversions
https://notcve.org/view.php?id=CVE-2025-32697
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T140010 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-32696 – "reupload-own" restriction can be bypassed by reverting file
https://notcve.org/view.php?id=CVE-2025-32696
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T304474 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3469 – i18n XSS vulnerability in HTMLMultiSelectField when sections are used
https://notcve.org/view.php?id=CVE-2025-3469
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T358689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43035 – IBM Sterling Control Center information disclosure
https://notcve.org/view.php?id=CVE-2023-43035
10 Apr 2025 — IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7230561 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-23378
https://notcve.org/view.php?id=CVE-2025-23378
10 Apr 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2632 – Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache
https://notcve.org/view.php?id=CVE-2025-2632
09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2631 – Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation()
https://notcve.org/view.php?id=CVE-2025-2631
09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32375 – Insecure Deserialization leads to RCE in BentoML's runner server
https://notcve.org/view.php?id=CVE-2025-32375
09 Apr 2025 — Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. • https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26 • CWE-502: Deserialization of Untrusted Data •