CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39202
https://notcve.org/view.php?id=CVE-2025-39202
24 Jun 2025 — An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-27827
https://notcve.org/view.php?id=CVE-2025-27827
24 Jun 2025 — A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session. • https://www.mitel.com/support/security-advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49574 – Quarkus potential data leak when duplicating a duplicated context
https://notcve.org/view.php?id=CVE-2025-49574
23 Jun 2025 — In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. ... With the new semantic data from one transaction can leak to the data from another transaction. • https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27387 – OPPPO Clone Phone uses weak WPA passphrase as only means of security
https://notcve.org/view.php?id=CVE-2025-27387
23 Jun 2025 — OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-52917
https://notcve.org/view.php?id=CVE-2025-52917
21 Jun 2025 — The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests. • https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2025-25037 – Aquatronica Controller System Complete Information Disclosure
https://notcve.org/view.php?id=CVE-2025-25037
20 Jun 2025 — An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. • https://vulncheck.com/advisories/aquatronica-controller-system-credential-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5416 – Keycloak-core: keycloak environment information
https://notcve.org/view.php?id=CVE-2025-5416
20 Jun 2025 — A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information. • https://access.redhat.com/security/cve/CVE-2025-5416 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32753
https://notcve.org/view.php?id=CVE-2025-32753
20 Jun 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. • https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49715 – Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-49715
20 Jun 2025 — Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49715 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36050 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2025-36050
19 Jun 2025 — IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user. • https://www.ibm.com/support/pages/node/7237317 • CWE-532: Insertion of Sensitive Information into Log File •