
CVE-2025-0997 – Debian Security Advisory 5866-1
https://notcve.org/view.php?id=CVE-2025-0997
14 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html • CWE-416: Use After Free •

CVE-2025-25195 – Zulip events can leak private channel names
https://notcve.org/view.php?id=CVE-2025-25195
13 Feb 2025 — The first message sent to a private channel which had not previously had any messages for over 180 days (and was thus already marked "inactive") would leak an event to all users in the organization; this event also contained the name of the private channel. • https://github.com/zulip/zulip/commit/50256f48314250978f521ef439cafa704e056539 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-12012
https://notcve.org/view.php?id=CVE-2024-12012
13 Feb 2025 — Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage scenarios. An attacker capable of accessing such values (e.g., victim browser, network traffic inspection) can exploit this vulnerability to leak both the password hash as well as session tokens and bypass the authentication mechanism using a pass-the-hash attack. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12012 • CWE-598: Use of GET Request Method With Sensitive Query Strings •

CVE-2024-12011
https://notcve.org/view.php?id=CVE-2024-12011
13 Feb 2025 — The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated with users currently logged in to the system and bypass the authentication mechanism. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011 • CWE-126: Buffer Over-read •

CVE-2025-1247 – Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
https://notcve.org/view.php?id=CVE-2025-1247
13 Feb 2025 — A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information. ... Issues addressed include a memory leak vulnerability. • https://access.redhat.com/security/cve/CVE-2025-1247 • CWE-488: Exposure of Data Element to Wrong Session •

CVE-2025-22961
https://notcve.org/view.php?id=CVE-2025-22961
13 Feb 2025 — A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22961 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-48366
https://notcve.org/view.php?id=CVE-2023-48366
12 Feb 2025 — Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2024-39271
https://notcve.org/view.php?id=CVE-2024-39271
12 Feb 2025 — Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVE-2024-28047
https://notcve.org/view.php?id=CVE-2024-28047
12 Feb 2025 — Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html • CWE-20: Improper Input Validation •

CVE-2024-31157
https://notcve.org/view.php?id=CVE-2024-31157
12 Feb 2025 — Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html • CWE-665: Improper Initialization •