
CVE-2025-49147 – Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements
https://notcve.org/view.php?id=CVE-2025-49147
24 Jun 2025 — Via a request to an anonymously authenticated endpoint, it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to derive a user's password by brute force. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. • https://github.com/umbraco/Umbraco-CMS/commit/b4144564c836ec6929111ce2a12eb1f67b42d61e • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-23260
https://notcve.org/view.php?id=CVE-2025-23260
24 Jun 2025 — A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5660 • CWE-266: Incorrect Privilege Assignment •

CVE-2025-23265
https://notcve.org/view.php?id=CVE-2025-23265
24 Jun 2025 — A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-23264
https://notcve.org/view.php?id=CVE-2025-23264
24 Jun 2025 — A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-39202
https://notcve.org/view.php?id=CVE-2025-39202
24 Jun 2025 — An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management •

CVE-2025-27827
https://notcve.org/view.php?id=CVE-2025-27827
24 Jun 2025 — A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session. • https://www.mitel.com/support/security-advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-49574 – Quarkus potential data leak when duplicating a duplicated context
https://notcve.org/view.php?id=CVE-2025-49574
23 Jun 2025 — In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. • https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1 • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2025-27387 – OPPO Clone Phone uses weak WPA passphrase as only means of security
https://notcve.org/view.php?id=CVE-2025-27387
23 Jun 2025 — OPPO Clone Phone uses a WiFi hotspot with a weak password to transfer files, resulting in information disclosure. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-52920
https://notcve.org/view.php?id=CVE-2025-52920
23 Jun 2025 — Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products on the website. To be specific, an attacker could view the order details of any order by browsing to /en/account/orders/_ORDER_ID_ or use the address and billing information of other customers by manipulating the shipping_address_id and billing_address_id parameters when making an order (this information is then reflected in the receipt). • https://github.com/innocommerce/innoshop • CWE-425: Direct Request ('Forced Browsing') •

CVE-2025-52917
https://notcve.org/view.php?id=CVE-2025-52917
21 Jun 2025 — The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests. • https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 • CWE-770: Allocation of Resources Without Limits or Throttling •