
CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. • https://github.com/desktop/desktop/security/advisories/GHSA-f234-7hj3-vr8j • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices). This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite). • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information includes user IDs, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of CVE-2025-1416. Successful exploitation requires the UUID of a targeted backup, which cannot be brute forced. This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite). • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2025 — A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices, such as the UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a task_id, but since it is a low integer and there is no limit on the number of requests an attacker can make to a vulnerable endpoint, the task_id might simply be brute forced. This issue has been fixed in version 2.17.5 of Konsola Proget (serve... • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

21 May 2025 — This vulnerability can lead to information disclosure, denial of service, and other security issues. • https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 • CWE-611: Improper Restriction of XML External Entity Reference • CWE-827: Improper Control of Document Type Definition •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50 VFS: Busy inodes after unmount of loop1 (btrfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:650! ... • https://git.kernel.org/stable/c/7c855e16ab72596d771355050ffe026e6b99f91c •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2025 — The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 3.7 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2025 — TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users... • https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x • CWE-863: Incorrect Authorization •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2025 — The manipulation leads to information disclosure. ... By manipulating the input with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/BRS_top.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 May 2025 — VMware Cloud Foundation contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •