CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T385958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T140010 • CWE-281: Improper Preservation of Permissions •

CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T304474 • CWE-281: Improper Preservation of Permissions •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T358689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Apr 2025 — IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7230561 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVSS: 3.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Apr 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-548: Exposure of Information Through Directory Listing •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events allows Retrieve Embedded Sensitive Data. This issue affects Simple WP Events: from n/a through 1.8.17. The Simple WP Events plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/simple-wp-events/vulnerability/wordpress-simple-wp-events-plugin-1-8-17-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 8.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •

CVSS: 8.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 34% • CPEs: 1 • EXPL: 2

09 Apr 2025 — By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers initial access and information disclosure on the server. ... By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server, which will grant initial access and information disclosure. • https://packetstorm.news/files/id/190623 • CWE-502: Deserialization of Untrusted Data •