CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34057 – Ruijie NBR Router Administrative Credential Disclosure
https://notcve.org/view.php?id=CVE-2025-34057
02 Jul 2025 — An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. ... An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. • https://vulncheck.com/advisories/ruijie-nbr-router-administrative-credential-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27021 – Operating System Misconfiguration in Infinera G42
https://notcve.org/view.php?id=CVE-2025-27021
02 Jul 2025 — This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. • https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27021 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49741 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-49741
01 Jul 2025 — No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. No hay solución para este problema en Microsoft Edge (basado en Chromium) que permite que un atacante no autorizado divulgue información a través de una red. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6600 – GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API
https://notcve.org/view.php?id=CVE-2025-6600
01 Jul 2025 — An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and ... • https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-34064 – OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage
https://notcve.org/view.php?id=CVE-2025-34064
01 Jul 2025 — A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user imper... • https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-34062 – OneLogin AD Connector API Credential and Signing Key Exposure
https://notcve.org/view.php?id=CVE-2025-34062
01 Jul 2025 — An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. ... An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. • https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 2CVE-2025-34066 – AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34066
01 Jul 2025 — An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks. Existe una vulnerabilidad de validación incorrecta de certificados en AVTECH IP cameras, DVRs, y NVRs debido al uso de wget con --no-check-certificate en scripts como SyncCloudAccount.sh y SyncPermit.sh. Esto expone las comunicaciones HTTPS a... • https://avtech.com • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2025-34052 – AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34052
01 Jul 2025 — An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi? • https://avtech.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36582
https://notcve.org/view.php?id=CVE-2025-36582
01 Jul 2025 — An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000338757/dsa-2025-268-security-update-for-dell-networker-selection-of-less-secure-algorithm-during-negotiation-vulnerability • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 9.4EPSS: 6%CPEs: 1EXPL: 3CVE-2025-6554 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-6554
30 Jun 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://github.com/rbaicba/CVE-2025-6554 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •