
CVE-2025-0632 – Local File Inclusion (LFI) leading to sensitive data exposure
https://notcve.org/view.php?id=CVE-2025-0632
21 Apr 2025 — Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. • https://www.formulatrix.com/downloads/apps/repository/rockmaker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-28235
https://notcve.org/view.php?id=CVE-2025-28235
18 Apr 2025 — An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28235 •

CVE-2025-24651 – WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-24651
17 Apr 2025 — Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/wp-migration-duplicator/vulnerability/wordpress-webtoffee-wp-backup-and-migration-plugin-1-5-3-sensitive-data-exposure-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-32635 – WordPress Hive Support plugin <= 1.2.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-32635
17 Apr 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/hive-support/vulnerability/wordpress-hive-support-plugin-1-2-2-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2025-39439 – WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39439
17 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/wplike2get/vulnerability/wordpress-wplike2get-plugin-1-2-9-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-26478
https://notcve.org/view.php?id=CVE-2025-26478
17 Apr 2025 — An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-in/000300068/dsa-2025-097-security-update-for-dell-objectscale-4-0-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •

CVE-2025-3620 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3620
16 Apr 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •

CVE-2025-3619 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3619
16 Apr 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-122: Heap-based Buffer Overflow •

CVE-2024-22314 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-22314
16 Apr 2025 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7229903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2025-39556 – WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-39556
16 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/mediavine-control-panel/vulnerability/wordpress-mediavine-control-panel-plugin-2-10-6-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •