CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23315
https://notcve.org/view.php?id=CVE-2025-23315
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23315 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23314
https://notcve.org/view.php?id=CVE-2025-23314
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23314 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23313
https://notcve.org/view.php?id=CVE-2025-23313
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23312
https://notcve.org/view.php?id=CVE-2025-23312
26 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23307
https://notcve.org/view.php?id=CVE-2025-23307
26 Aug 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23307 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-57704 – EIP Builder XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-57704
26 Aug 2025 — Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability. • https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00013_EIP%20Builder%20XML%20External%20Entity%20Processing%20Information%20Disclosure%20Vulnerability.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 1CVE-2025-9461 – diyhi bbs File Compression FilePackageManageAction.java information disclosure
https://notcve.org/view.php?id=CVE-2025-9461
26 Aug 2025 — This manipulation of the argument idGroup causes information disclosure. ... Durch Beeinflussen des Arguments idGroup mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.321296 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-8627 – Unauthenticated Protocol Commands on TP-Link KP303
https://notcve.org/view.php?id=CVE-2025-8627
25 Aug 2025 — The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. ... The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. • https://www.tp-link.com/us/support/faq/4619 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-52461
https://notcve.org/view.php?id=CVE-2025-52461
25 Aug 2025 — A specially crafted .nex file can lead to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2238 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7426 – MINOVA TTA Information Disclosure and Credential Exposure
https://notcve.org/view.php?id=CVE-2025-7426
25 Aug 2025 — Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. ... EDI or data integration), this could lead to data manipulation, extraction, or abuse. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also exp... • https://www.minova.de/de/tta.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •