CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 1CVE-2025-7874 – Metasoft 美特软件 MetaCRM env.jsp information disclosure
https://notcve.org/view.php?id=CVE-2025-7874
20 Jul 2025 — The manipulation leads to information disclosure. ... Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SIL-2.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-52163
https://notcve.org/view.php?id=CVE-2025-52163
18 Jul 2025 — This can lead to sensitive data exposure. • http://agorum.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6391 – JSON Web Token (JWT) Exposure in Log Files
https://notcve.org/view.php?id=CVE-2025-6391
17 Jul 2025 — An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-23269
https://notcve.org/view.php?id=CVE-2025-23269
17 Jul 2025 — A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5662 • CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23270
https://notcve.org/view.php?id=CVE-2025-23270
17 Jul 2025 — A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5662 • CWE-392: Missing Report of Error Condition •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42209 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42209
17 Jul 2025 — HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122628 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-23266 – NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2025-34128 – X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
https://notcve.org/view.php?id=CVE-2025-34128
16 Jul 2025 — A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process. • https://rh0dev.github.io/blog/2015/fun-with-info-leaks • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53983 – JetElements For Elementor <= 2.7.7 - Authenticated (Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2025-53983
16 Jul 2025 — The JetElements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53993 – JetPopup <= 2.0.15 - Authenticated (Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2025-53993
16 Jul 2025 — The JetPopup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •