
CVE-2025-55325 – Windows Storage Management Provider Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-55325
14 Oct 2025 — Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55325 • CWE-126: Buffer Over-read •

CVE-2025-27906 – IBM Content Navigator information disclosure
https://notcve.org/view.php?id=CVE-2025-27906
14 Oct 2025 — IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read, obtained, or modified. • https://www.ibm.com/support/pages/node/7247854 • CWE-548: Exposure of Information Through Directory Listing •

CVE-2025-40765
https://notcve.org/view.php?id=CVE-2025-40765
14 Oct 2025 — The affected application contains an information disclosure vulnerability. • https://cert-portal.siemens.com/productcert/html/ssa-062309.html • CWE-306: Missing Authentication for Critical Function •

CVE-2025-20724
https://notcve.org/view.php?id=CVE-2025-20724
14 Oct 2025 — This could lead to local information disclosure with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2025 • CWE-125: Out-of-bounds Read •

CVE-2025-20722
https://notcve.org/view.php?id=CVE-2025-20722
14 Oct 2025 — This could lead to local information disclosure if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/October-2025 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-42903 – User Enumeration and Sensitive Data Exposure via RFC Function in SAP Financial Service Claims Management
https://notcve.org/view.php?id=CVE-2025-42903
14 Oct 2025 — A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability. • https://me.sap.com/notes/3656781 • CWE-204: Observable Response Discrepancy •

CVE-2025-62362 – Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
https://notcve.org/view.php?id=CVE-2025-62362
13 Oct 2025 — This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. • https://github.com/GPP-Woo/GPP-burgerportaal/security/advisories/GHSA-pgg6-2865-2788 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVE-2025-10732 – SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure
https://notcve.org/view.php?id=CVE-2025-10732
13 Oct 2025 — The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. • https://plugins.trac.wordpress.org/browser/sureforms/tags/1.12.0/inc/global-settings/global-settings.php#L314 • CWE-862: Missing Authorization •

CVE-2025-11647 – Tomofun Furbo 360/Furbo Mini GATT Service information disclosure
https://notcve.org/view.php?id=CVE-2025-11647
12 Oct 2025 — This manipulation of the argument DeviceToken causes information disclosure. ... By manipulating the argument DeviceToken with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-DeviceToken.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2025-11646 – Tomofun Furbo 360/Furbo Mini GATT Service access control
https://notcve.org/view.php?id=CVE-2025-11646
12 Oct 2025 — A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. • https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md • CWE-266: Incorrect Privilege Assignment • CWE-284: Improper Access Control •