CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25029 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25029
28 May 2025 — IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. • https://www.ibm.com/support/pages/node/7234827 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25026 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25026
28 May 2025 — IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. • https://www.ibm.com/support/pages/node/7234827 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25025 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25025
28 May 2025 — IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7234827 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27701
https://notcve.org/view.php?id=CVE-2025-27701
27 May 2025 — Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56193
https://notcve.org/view.php?id=CVE-2024-56193
27 May 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-5266 – firefox: thunderbird: Script element events leaked cross-origin resource status
https://notcve.org/view.php?id=CVE-2025-5266
27 May 2025 — Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. ... The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1965628 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48382 – Fess has Insecure Temporary File Permissions
https://notcve.org/view.php?id=CVE-2025-48382
27 May 2025 — This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. • https://github.com/codelibs/fess/commit/25b2009fea2a0f6ccd5aa8154aa54b536c08f6c4 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33079 – IBM Controller information disclosure
https://notcve.org/view.php?id=CVE-2025-33079
27 May 2025 — IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. • https://www.ibm.com/support/pages/node/7234720 • CWE-256: Plaintext Storage of a Password •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46804 – Screen 5.0.0 and older versions allow file existence tests when installed setuid-root
https://notcve.org/view.php?id=CVE-2025-46804
26 May 2025 — A minor information leak when running Screen with setuid-root privileges allosw unprivileged users to deduce information about a path that would otherwise not be available. ... A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46804 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5184 – Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
https://notcve.org/view.php?id=CVE-2025-5184
26 May 2025 — The manipulation leads to information disclosure. ... Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://summerpearlgroup.gr/spgpm/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •