
CVE-2025-3469 – i18n XSS vulnerability in HTMLMultiSelectField when sections are used
https://notcve.org/view.php?id=CVE-2025-3469
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T358689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-43035 – IBM Sterling Control Center information disclosure
https://notcve.org/view.php?id=CVE-2023-43035
10 Apr 2025 — IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7230561 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVE-2025-23378
https://notcve.org/view.php?id=CVE-2025-23378
10 Apr 2025 — Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-548: Exposure of Information Through Directory Listing •

CVE-2025-32594 – WordPress Simple WP Events plugin <= 1.8.17 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32594
10 Apr 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events allows Retrieve Embedded Sensitive Data. ... The Simple WP Events plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.17. • https://patchstack.com/database/wordpress/plugin/simple-wp-events/vulnerability/wordpress-simple-wp-events-plugin-1-8-17-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2025-2632 – Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache
https://notcve.org/view.php?id=CVE-2025-2632
09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •

CVE-2025-2631 – Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation()
https://notcve.org/view.php?id=CVE-2025-2631
09 Apr 2025 — Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html • CWE-787: Out-of-bounds Write •

CVE-2025-32375 – Insecure Deserialization leads to RCE in BentoML's runner server
https://notcve.org/view.php?id=CVE-2025-32375
09 Apr 2025 — By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code on the server, which gives attackers initial access and results in information disclosure on the server. • https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-25023 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25023
09 Apr 2025 — IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. • https://www.ibm.com/support/pages/node/7230467 • CWE-266: Incorrect Privilege Assignment •

CVE-2025-27934
https://notcve.org/view.php?id=CVE-2025-27934
09 Apr 2025 — A vulnerability that discloses authentication information in a specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information. • https://jvn.jp/en/vu/JVNVU93925742 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-3442 – Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
https://notcve.org/view.php?id=CVE-2025-3442
09 Apr 2025 — This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072 • CWE-312: Cleartext Storage of Sensitive Information •