
CVE-2018-25111
https://notcve.org/view.php?id=CVE-2018-25111
31 May 2025 — django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. • https://github.com/django-helpdesk/django-helpdesk/issues/591 • CWE-277: Insecure Inherited Permissions •

CVE-2025-48331 – WordPress WooCommerce Orders & Customers Exporter <= 5.0 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-48331
30 May 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0. • https://patchstack.com/database/wordpress/plugin/woocommerce-orders-customers-exporter/vulnerability/wordpress-woocommerce-orders-customers-exporter-5-0-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2025-48381 – CVAT has information disclosure via browsable API
https://notcve.org/view.php?id=CVE-2025-48381
30 May 2025 — Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has be... • https://github.com/cvat-ai/cvat/commit/7136c99fb2c3a5cb2d8c3ca54b4201b9fa6aab5a • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2025-32752
https://notcve.org/view.php?id=CVE-2025-32752
29 May 2025 — A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. • https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-46722 – vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
https://notcve.org/view.php?id=CVE-2025-46722
29 May 2025 — This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. • https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848 • CWE-1023: Incomplete Comparison with Missing Factors • CWE-1288: Improper Validation of Consistency within Input •

CVE-2025-3755 – Information Disclosure and Denial-of-Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module
https://notcve.org/view.php?id=CVE-2025-3755
29 May 2025 — Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product needs to be reset for recovery. • https://jvn.jp/vu/JVNVU94070048 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •

CVE-2024-47056 – Mautic does not shield .env files from web traffic
https://notcve.org/view.php?id=CVE-2024-47056
28 May 2025 — Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. ... • https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-5257 – Predictable Page Indexing Might Lead to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2025-5257
28 May 2025 — Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthe... • https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2024-38341 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2024-38341
28 May 2025 — IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7234888 • CWE-328: Use of Weak Hash •

CVE-2025-25029 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25029
28 May 2025 — IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. • https://www.ibm.com/support/pages/node/7234827 • CWE-116: Improper Encoding or Escaping of Output •