CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-10699
https://notcve.org/view.php?id=CVE-2025-10699
15 Oct 2025 — A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure. • https://iknow.lenovo.com.cn/detail/432379 • CWE-295: Improper Certificate Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55082 – Potential out of bound read and info leak in_nx_secure_tls_psk_identity_find()
https://notcve.org/view.php?id=CVE-2025-55082
15 Oct 2025 — In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message. • https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-8h38-qjhh-mf2h • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9640 – Samba: vfs_streams_xattr uninitialized memory write possible
https://notcve.org/view.php?id=CVE-2025-9640
15 Oct 2025 — This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability. • https://access.redhat.com/security/cve/CVE-2025-9640 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-11196 – External Login <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection
https://notcve.org/view.php?id=CVE-2025-11196
14 Oct 2025 — The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlog_test_connection' AJAX action lacking capability checks or nonce validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to query the configured external database and retrieve truncated usernames, email addresses, and password hashes via the diagnostic test results view. • https://plugins.trac.wordpress.org/browser/external-login/trunk/login/db.php#L215 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-23356
https://notcve.org/view.php?id=CVE-2025-23356
14 Oct 2025 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5708 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-59260 – Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59260
14 Oct 2025 — Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59260 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2025-59232 – Microsoft Excel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59232
14 Oct 2025 — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59232 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2025-59209 – Windows Push Notification Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59209
14 Oct 2025 — Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59209 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59208 – Windows MapUrlToZone Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59208
14 Oct 2025 — Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59208 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2025-59203 – Windows State Repository API Server File Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59203
14 Oct 2025 — Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59203 • CWE-532: Insertion of Sensitive Information into Log File •