CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1128 – Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
https://notcve.org/view.php?id=CVE-2025-1128
17 Feb 2025 — This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible. • https://github.com/wpeverest/everest-forms/commit/7d37858d2c614aa107b0f495fe50819a3867e7f5 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5461 – Command or parameter injection via unique embedded switch SNMP commands.
https://notcve.org/view.php?id=CVE-2024-5461
15 Feb 2025 — Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. • https://packetstorm.news/files/id/190177 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. ... The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-420: Unprotected Alternate Channel •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2022-26083
https://notcve.org/view.php?id=CVE-2022-26083
14 Feb 2025 — Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html • CWE-1204: Generation of Weak Initialization Vector (IV) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12651 – Sensitive Data Exposure in PTT Inc.'
https://notcve.org/view.php?id=CVE-2024-12651
14 Feb 2025 — Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0. • https://www.usom.gov.tr/bildirim/tr-25-0034 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26758 – WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-26758
14 Feb 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1. The Spotlight Social Feeds – Block, Shortcode, and Widget plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration... • https://patchstack.com/database/wordpress/plugin/spotlight-social-photo-feeds/vulnerability/wordpress-spotlight-social-feeds-plugin-1-7-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0995 – Debian Security Advisory 5866-1
https://notcve.org/view.php?id=CVE-2025-0995
14 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html • CWE-416: Use After Free •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0996 – Debian Security Advisory 5866-1
https://notcve.org/view.php?id=CVE-2025-0996
14 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html • CWE-1007: Insufficient Visual Distinction of Homoglyphs Presented to User •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0997 – Debian Security Advisory 5866-1
https://notcve.org/view.php?id=CVE-2025-0997
14 Feb 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-12011
https://notcve.org/view.php?id=CVE-2024-12011
13 Feb 2025 — The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011 • CWE-126: Buffer Over-read •