CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32257 – WordPress 1 Click WordPress Migration Plugin <= 2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32257
04 Apr 2025 — Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/1-click-migration/vulnerability/wordpress-1-click-wordpress-migration-plugin-2-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32164 – WordPress m1.DownloadList plugin <= 0.21 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32164
04 Apr 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-21-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32228 – WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32228
04 Apr 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/ai-image-alt-text-generator-for-wp/vulnerability/wordpress-ai-image-alt-text-generator-for-wp-plugin-1-0-8-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31487 – The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
https://notcve.org/view.php?id=CVE-2025-31487
03 Apr 2025 — The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the returned JIRA fields (such as the summary or description for example). The vulnerability has been patched ... • https://github.com/xwiki-contrib/jira/commit/5049e352d16f8356734de70daf1202301f170ee6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-0272 – HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
https://notcve.org/view.php?id=CVE-2025-0272
03 Apr 2025 — This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31558 – WordPress TailPress plugin <= 0.4.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-31558
03 Apr 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/tailpress/vulnerability/wordpress-tailpress-plugin-0-4-4-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56476 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-56476
02 Apr 2025 — IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. • https://www.ibm.com/support/pages/node/7229880 • CWE-204: Observable Response Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0154 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2025-0154
02 Apr 2025 — IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. • https://www.ibm.com/support/pages/node/7229880 • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3074 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3074
02 Apr 2025 — (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3073 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3073
02 Apr 2025 — (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •