CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25026 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25026
28 May 2025 — IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. • https://www.ibm.com/support/pages/node/7234827 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25025 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25025
28 May 2025 — IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7234827 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27701
https://notcve.org/view.php?id=CVE-2025-27701
27 May 2025 — Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56193
https://notcve.org/view.php?id=CVE-2024-56193
27 May 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48382 – Fess has Insecure Temporary File Permissions
https://notcve.org/view.php?id=CVE-2025-48382
27 May 2025 — This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. • https://github.com/codelibs/fess/commit/25b2009fea2a0f6ccd5aa8154aa54b536c08f6c4 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33079 – IBM Controller information disclosure
https://notcve.org/view.php?id=CVE-2025-33079
27 May 2025 — IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. • https://www.ibm.com/support/pages/node/7234720 • CWE-256: Plaintext Storage of a Password •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46804 – Screen 5.0.0 and older versions allow file existence tests when installed setuid-root
https://notcve.org/view.php?id=CVE-2025-46804
26 May 2025 — A minor information leak when running Screen with setuid-root privileges allosw unprivileged users to deduce information about a path that would otherwise not be available. ... A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46804 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5184 – Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
https://notcve.org/view.php?id=CVE-2025-5184
26 May 2025 — The manipulation leads to information disclosure. ... Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://summerpearlgroup.gr/spgpm/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-41654 – PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol
https://notcve.org/view.php?id=CVE-2025-41654
26 May 2025 — An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog. Un atacante remoto no autenticado puede acceder a información sobre los procesos en ejecución mediante el protocolo SNMP. La cantidad de datos devueltos puede provocar un reinicio del sistema por parte del watchdog. • https://cert.vde.com/en/advisories/VDE-2025-011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2025-34026 – Versa Concerto Actuator Authentication Bypass Information Leak
https://notcve.org/view.php?id=CVE-2025-34026
21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication •