CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-29594
https://notcve.org/view.php?id=CVE-2025-29594
07 Apr 2025 — Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure. • https://github.com/LielXD/CS2-WeaponPaints-Website/blob/b1d8364c1cbcab6981a564d8abe43b1cc26a2503/errorpage.php#L41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42208 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42208
04 Apr 2025 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32164 – WordPress m1.DownloadList plugin <= 0.21 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32164
04 Apr 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-21-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32238 – WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32238
04 Apr 2025 — Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32251 – WordPress Jetpack Feedback Exporter <= 1.23 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32251
04 Apr 2025 — Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/jetpack-feedback-exporter/vulnerability/wordpress-jetpack-feedback-exporter-1-23-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32255 – WordPress StaffList plugin <= 3.2.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32255
04 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/stafflist/vulnerability/wordpress-stafflist-plugin-3-2-6-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32257 – WordPress 1 Click WordPress Migration Plugin <= 2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32257
04 Apr 2025 — Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/1-click-migration/vulnerability/wordpress-1-click-wordpress-migration-plugin-2-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32228 – WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32228
04 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/ai-image-alt-text-generator-for-wp/vulnerability/wordpress-ai-image-alt-text-generator-for-wp-plugin-1-0-8-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31487 – The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
https://notcve.org/view.php?id=CVE-2025-31487
03 Apr 2025 — The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the returned JIRA fields (such as the summary or description for example). The vulnerability has been patched ... • https://github.com/xwiki-contrib/jira/commit/5049e352d16f8356734de70daf1202301f170ee6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-0272 – HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
https://notcve.org/view.php?id=CVE-2025-0272
03 Apr 2025 — This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •