CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2025-66437
https://notcve.org/view.php?id=CVE-2025-66437
15 Dec 2025 — This leads to server-side code execution or database information disclosure. • https://iamanc.github.io/post/erpnext-ssti-bug-4 •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2025-66438
https://notcve.org/view.php?id=CVE-2025-66438
15 Dec 2025 — This leads to information disclosure from the database, such as database version, schema details, or sensitive values, depending on the injected payload. • https://iamanc.github.io/post/erpnext-ssti-bug-5 •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43437
https://notcve.org/view.php?id=CVE-2025-43437
12 Dec 2025 — An information disclosure issue was addressed with improved privacy controls. • https://support.apple.com/en-us/125632 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46276
https://notcve.org/view.php?id=CVE-2025-46276
12 Dec 2025 — An information disclosure issue was addressed with improved privacy controls. • https://support.apple.com/en-us/125887 •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-9218 – rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function
https://notcve.org/view.php?id=CVE-2025-9218
12 Dec 2025 — The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. • https://plugins.trac.wordpress.org/changeset/3386907/buddypress-media/tags/4.7.4/app/main/controllers/api/RTMediaJsonApi.php • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54947 – Apache StreamPark: Use hard-coded key vulnerability
https://notcve.org/view.php?id=CVE-2025-54947
12 Dec 2025 — Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access. • https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 1%CPEs: 91EXPL: 1CVE-2025-55183
https://notcve.org/view.php?id=CVE-2025-55183
11 Dec 2025 — An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. • https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36929
https://notcve.org/view.php?id=CVE-2025-36929
11 Dec 2025 — In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2025-12-01 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36922
https://notcve.org/view.php?id=CVE-2025-36922
11 Dec 2025 — In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. • https://source.android.com/security/bulletin/pixel/2025-12-01 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36921
https://notcve.org/view.php?id=CVE-2025-36921
11 Dec 2025 — This could lead to local information disclosure with baseband firmware compromise required. • https://source.android.com/security/bulletin/pixel/2025-12-01 • CWE-125: Out-of-bounds Read •