
CVE-2025-48382 – Fess has Insecure Temporary File Permissions
https://notcve.org/view.php?id=CVE-2025-48382
27 May 2025 — This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. • https://github.com/codelibs/fess/commit/25b2009fea2a0f6ccd5aa8154aa54b536c08f6c4 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-33079 – IBM Controller information disclosure
https://notcve.org/view.php?id=CVE-2025-33079
27 May 2025 — IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. • https://www.ibm.com/support/pages/node/7234720 • CWE-256: Plaintext Storage of a Password •

CVE-2025-46804 – Screen 5.0.0 and older versions allow file existence tests when installed setuid-root
https://notcve.org/view.php?id=CVE-2025-46804
26 May 2025 — A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46804 • CWE-203: Observable Discrepancy •

CVE-2025-5184 – Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
https://notcve.org/view.php?id=CVE-2025-5184
26 May 2025 — The manipulation leads to information disclosure. ... By manipulating with unknown data, an information disclosure vulnerability can be exploited. • https://summerpearlgroup.gr/spgpm/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2025-41654 – PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol
https://notcve.org/view.php?id=CVE-2025-41654
26 May 2025 — An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog. • https://cert.vde.com/en/advisories/VDE-2025-011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-34026 – Versa Concerto Actuator Authentication Bypass Information Leak
https://notcve.org/view.php?id=CVE-2025-34026
21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication •

CVE-2025-48064 – GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure
https://notcve.org/view.php?id=CVE-2025-48064
21 May 2025 — Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. • https://github.com/desktop/desktop/security/advisories/GHSA-f234-7hj3-vr8j • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-1418 – Information disclosure in Proget MDM
https://notcve.org/view.php?id=CVE-2025-1418
21 May 2025 — A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices). This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite). • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVE-2025-1417 – Information disclosure in Proget MDM
https://notcve.org/view.php?id=CVE-2025-1417
21 May 2025 — In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information includes user IDs, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of CVE-2025-1416. Successful exploitation requires the UUID of a targeted backup, which cannot be brute forced. This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite). • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVE-2025-1415 – Information disclosure in Proget MDM
https://notcve.org/view.php?id=CVE-2025-1415
21 May 2025 — A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices, like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a task_id, but since it's a low integer and there is no limit on the number of requests an attacker can perform to a vulnerable endpoint, the task_id might simply be brute forced. This issue has been fixed in 2.17.5 version of Konsola Proget (serve... • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •