
CVE-2025-34026 – Versa Concerto Actuator Authentication Bypass Information Leak
https://notcve.org/view.php?id=CVE-2025-34026
21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication •

CVE-2025-48064 – GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure
https://notcve.org/view.php?id=CVE-2025-48064
21 May 2025 — Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network share. ... This can lead to Git attempting to access a path that resides on a network share (UNC path) and in doing so Windows will attempt to perform NTLM authentication which passes information such as the computer name, the currently signed in (Windows) user name, and an NTLM hash. • https://github.com/desktop/desktop/security/advisories/GHSA-f234-7hj3-vr8j • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-1418 – Information disclosure in Proget MDM
https://notcve.org/view.php?id=CVE-2025-1418
21 May 2025 — A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices). • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVE-2025-1417 – Information disclosure in Proget MDM
https://notcve.org/view.php?id=CVE-2025-1417
21 May 2025 — In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information includes user IDs, email addresses, first names, last names and device UUIDs. • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVE-2025-1415 – Information disclosure in Proget MDM
https://notcve.org/view.php?id=CVE-2025-1415
21 May 2025 — A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. • https://cert.pl/en/posts/2025/05/CVE-2025-1415 • CWE-863: Incorrect Authorization •

CVE-2025-4949 – XXE vulnerability in Eclipse JGit
https://notcve.org/view.php?id=CVE-2025-4949
21 May 2025 — This vulnerability can lead to information disclosure, denial of service, and other security issues. • https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 • CWE-611: Improper Restriction of XML External Entity Reference CWE-827: Improper Control of Document Type Definition •

CVE-2025-4980 – Netgear DGND3700 mini_http currentsetting.htm information disclosure
https://notcve.org/view.php?id=CVE-2025-4980
20 May 2025 — The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •

CVE-2025-47937 – TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling
https://notcve.org/view.php?id=CVE-2025-47937
20 May 2025 — TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users... • https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x • CWE-863: Incorrect Authorization •

CVE-2025-4977 – Netgear DGND3700 BRS_top.html information disclosure
https://notcve.org/view.php?id=CVE-2025-4977
20 May 2025 — The manipulation leads to information disclosure. ... By manipulating the input with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/BRS_top.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •

CVE-2025-41230 – VMware Cloud Foundation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-41230
20 May 2025 — VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •