CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-20663
https://notcve.org/view.php?id=CVE-2025-20663
07 Apr 2025 — In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-248: Uncaught Exception •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-20655
https://notcve.org/view.php?id=CVE-2025-20655
07 Apr 2025 — This could lead to local information disclosure if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-29594
https://notcve.org/view.php?id=CVE-2025-29594
07 Apr 2025 — Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure. • https://github.com/LielXD/CS2-WeaponPaints-Website/blob/b1d8364c1cbcab6981a564d8abe43b1cc26a2503/errorpage.php#L41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42208 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42208
04 Apr 2025 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32238 – WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32238
04 Apr 2025 — Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/meeting-scheduler-by-vcita/vulnerability/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32251 – WordPress Jetpack Feedback Exporter <= 1.23 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32251
04 Apr 2025 — Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/jetpack-feedback-exporter/vulnerability/wordpress-jetpack-feedback-exporter-1-23-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32255 – WordPress StaffList plugin <= 3.2.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32255
04 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/stafflist/vulnerability/wordpress-stafflist-plugin-3-2-6-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32257 – WordPress 1 Click WordPress Migration Plugin <= 2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32257
04 Apr 2025 — Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/1-click-migration/vulnerability/wordpress-1-click-wordpress-migration-plugin-2-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32164 – WordPress m1.DownloadList plugin <= 0.21 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32164
04 Apr 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-21-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32228 – WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32228
04 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/ai-image-alt-text-generator-for-wp/vulnerability/wordpress-ai-image-alt-text-generator-for-wp-plugin-1-0-8-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •