
CVE-2025-0632 – Local File Inclusion (LFI) leading to sensitive data exposure
https://notcve.org/view.php?id=CVE-2025-0632
21 Apr 2025 — Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and, with no rate limiting, could enumerate the filesystem of the host machine, potentially leading to full host compromise. This issue affects Rock Maker Web: f... • https://www.formulatrix.com/downloads/apps/repository/rockmaker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-39394 – WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39394
18 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2. The AnalyticsWP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-plugin-2-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-28235
https://notcve.org/view.php?id=CVE-2025-28235
18 Apr 2025 — An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-26478
https://notcve.org/view.php?id=CVE-2025-26478
17 Apr 2025 — An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-in/000300068/dsa-2025-097-security-update-for-dell-objectscale-4-0-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •

CVE-2025-39439 – WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39439
17 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9. The wpLike2Get plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/wplike2get/vulnerability/wordpress-wplike2get-plugin-1-2-9-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-2073
https://notcve.org/view.php?id=CVE-2025-2073
16 Apr 2025 — Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure. • https://issues.chromium.org/issues/b/380043638 • CWE-125: Out-of-bounds Read •

CVE-2025-3620 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3620
16 Apr 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •

CVE-2025-3619 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3619
16 Apr 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-122: Heap-based Buffer Overflow •

CVE-2024-22314 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-22314
16 Apr 2025 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7229903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2025-39553 – Church Admin <= 5.0.9 - Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-39553
16 Apr 2025 — The Church Admin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •