
CVE-2025-6814 – Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function
https://notcve.org/view.php?id=CVE-2025-6814
03 Jul 2025 — The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request. • https://plugins.trac.wordpress.org/browser/booking-x/tags/1.1.2/admin/class-bookingx-admin.php#L784 • CWE-862: Missing Authorization •

CVE-2025-6587 – Exposure of system environment variables in Docker Desktop diagnostic logs
https://notcve.org/view.php?id=CVE-2025-6587
03 Jul 2025 — This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-6926 – Security Authentication Bypass in CentralAuth
https://notcve.org/view.php?id=CVE-2025-6926
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. • https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 • CWE-287: Improper Authentication •

CVE-2025-6590 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6590
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6591 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6591
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6593 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6593
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6594 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6594
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6595 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6595
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6597 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6597
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-34072 – Anthropic Slack MCP Server Data Exfiltration via Link Unfurling
https://notcve.org/view.php?id=CVE-2025-34072
02 Jul 2025 — A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private d... • https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •