
CVE-2025-3523 – thunderbird: User Interface (UI) Misrepresentation of attachment URL
https://notcve.org/view.php?id=CVE-2025-3523
15 Apr 2025 — Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure • https://bugzilla.mozilla.org/show_bug.cgi?id=1958385 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-2830 – thunderbird: Information Disclosure of /tmp directory listing
https://notcve.org/view.php?id=CVE-2025-2830
15 Apr 2025 — By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. An update for thunderbird... • https://bugzilla.mozilla.org/show_bug.cgi?id=1956379 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-3522 – thunderbird: Leak of hashed Window credentials via crafted attachment URL
https://notcve.org/view.php?id=CVE-2025-3522
15 Apr 2025 — Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure • https://bugzilla.mozilla.org/show_bug.cgi?id=1955372 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-1220: Insufficient Granularity of Access Control •

CVE-2025-32635 – WordPress Hive Support plugin <= 1.2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32635
15 Apr 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through 1.2.2. The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/hive-support/vulnerability/wordpress-hive-support-plugin-1-2-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2022-43851 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43851
14 Apr 2025 — IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7169766 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2022-43852 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43852
14 Apr 2025 — IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7169766 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-0123 – PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
https://notcve.org/view.php?id=CVE-2025-0123
11 Apr 2025 — A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture) in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and in... • https://security.paloaltonetworks.com/CVE-2025-0123 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-32080 – Cross-origin data leak in mobilefrontend via lazy load images
https://notcve.org/view.php?id=CVE-2025-32080
11 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation. This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/1123392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-32700 – AbuseFilter log interfaces expose global private and hidden filters when central DB is not available
https://notcve.org/view.php?id=CVE-2025-32700
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T389235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-32699 – Potential javascript injection attack enabled by Unicode normalization in Action API
https://notcve.org/view.php?id=CVE-2025-32699
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T387130 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •