
CVE-2025-30206 – Dpanel's hard-coded JWT secret leads to remote code execution
https://notcve.org/view.php?id=CVE-2025-30206
15 Apr 2025 — Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. • https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847 • CWE-321: Use of Hard-coded Cryptographic Key • CWE-453: Insecure Default Variable Initialization • CWE-547: Use of Hard-coded, Security-relevant Constants •

CVE-2025-29817 – Microsoft Power Automate Desktop Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29817
15 Apr 2025 — Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29817 • CWE-427: Uncontrolled Search Path Element •

CVE-2022-43851 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43851
14 Apr 2025 — IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7169766 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2022-43852 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43852
14 Apr 2025 — IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7169766 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-0123 – PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
https://notcve.org/view.php?id=CVE-2025-0123
11 Apr 2025 — For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . • https://security.paloaltonetworks.com/CVE-2025-0123 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-32080 – Cross-origin data leak in mobilefrontend via lazy load images
https://notcve.org/view.php?id=CVE-2025-32080
11 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation. This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/1123392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-32700 – AbuseFilter log interfaces expose global private and hidden filters when central DB is not available
https://notcve.org/view.php?id=CVE-2025-32700
10 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. ... Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T389235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-32699 – Potential javascript injection attack enabled by Unicode normalization in Action API
https://notcve.org/view.php?id=CVE-2025-32699
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T387130 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-32698 – LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions
https://notcve.org/view.php?id=CVE-2025-32698
10 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. ... Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T385958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-32697 – Cascading protection is not preventing file reversions
https://notcve.org/view.php?id=CVE-2025-32697
10 Apr 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T140010 • CWE-281: Improper Preservation of Permissions •