CVSS: - • EPSS: % • CPEs: 6 • EXPL: 0

19 Aug 2025 — Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization. • https://git.kernel.org/stable/c/28d6692cd8fb2a900edba5e5983be4478756ef6f •

CVSS: 5.3 • EPSS: % • CPEs: - • EXPL: 1

19 Aug 2025 — Executing manipulation can lead to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://vuldb.com/?id.320519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2025 — Sensitive information disclosure in NamelessMC before 2.2.4 allows an unauthenticated remote attacker to gain sensitive information, such as the absolute path of the source code, via the list parameter. • https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2025 — IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. • https://www.ibm.com/support/pages/node/7242354 • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2025 — IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. • https://www.ibm.com/support/pages/node/7242354 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •

CVSS: 3.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Aug 2025 — IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. • https://www.ibm.com/support/pages/node/7242354 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Aug 2025 — HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Aug 2025 — The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents. • https://www.wordfence.com/threat-intel/vulnerabilities/id/5231b741-4d02-45b5-b2aa-0d9d3536a416?source=cve • CWE-862: Missing Authorization •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Aug 2025 — The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. • https://www.wordfence.com/threat-intel/vulnerabilities/id/421fcee2-a05d-4486-837e-ddee3d73d737?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Aug 2025 — We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading ... • https://github.com/aws/amazon-ecs-agent/releases/tag/v1.97.1 • CWE-277: Insecure Inherited Permissions •