CVSS: 10.0EPSS: %CPEs: 1EXPL: 0CVE-2025-33208
https://notcve.org/view.php?id=CVE-2025-33208
03 Dec 2025 — A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33208 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-13947 – Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop
https://notcve.org/view.php?id=CVE-2025-13947
03 Dec 2025 — This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser. • https://access.redhat.com/security/cve/CVE-2025-13947 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-58113
https://notcve.org/view.php?id=CVE-2025-58113
02 Dec 2025 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2280 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13295 – Sensitive Data Exposure in ArgusTech's BILGER
https://notcve.org/view.php?id=CVE-2025-13295
02 Dec 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. • https://www.usom.gov.tr/bildirim/tr-25-0423 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20789
https://notcve.org/view.php?id=CVE-2025-20789
02 Dec 2025 — In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2025 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66306 – Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
https://notcve.org/view.php?id=CVE-2025-66306
01 Dec 2025 — Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. • https://github.com/getgrav/grav/commit/b7e1958a6e807ac14919447b60e5204a2ea77f62 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48894
https://notcve.org/view.php?id=CVE-2024-48894
01 Dec 2025 — A specially crafted HTTP request can lead to a disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2115 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-13807 – orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization
https://notcve.org/view.php?id=CVE-2025-13807
01 Dec 2025 — The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-information-disclosure-1/report.md • CWE-266: Incorrect Privilege Assignment CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-13804 – nutzam NutzBoot Ethereum Wallet EthModule.java information disclosure
https://notcve.org/view.php?id=CVE-2025-13804
01 Dec 2025 — Performing manipulation results in information disclosure. • https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-InfoLeak-1/report.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2025-13785 – yungifez Skuul School Management System Image profile information disclosure
https://notcve.org/view.php?id=CVE-2025-13785
30 Nov 2025 — Such manipulation leads to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. • https://gist.github.com/thezeekhan/02f5255506080849fc732eea07008634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •