
CVSS: 5.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2025 — IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. • https://www.ibm.com/support/pages/node/7243544 • CWE-260: Password in Configuration File •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Sep 2025 — All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. • https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2025 — An attacker able to modify files within the workspace could gain unauthorized access to sensitive information by bypassing .rooignore rules. • https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-p76r-7mc3-qh7c • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

05 Sep 2025 — (That triggered KASAN kernel-infoleak errors when `insn->n` was greater than 1, but that is being fixed more generally elsewhere in the comedi core.) • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •

CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

05 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. ... The problem is that not all the instruction handlers tha... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2025 — In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/android-16 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/android-16 • CWE-787: Out-of-bounds Write •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/android-16 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0

05 Sep 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/site-info-dashboard-widget/vulnerability/wordpress-site-info-plugin-1-1-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

05 Sep 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/ninja-charts/vulnerability/wordpress-ninja-charts-plugin-3-3-2-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •