
CVSS: 3.1 • EPSS: % • CPEs: - • EXPL: 1

28 Dec 2025 — Executing manipulation can lead to information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/SECWG/cve/issues/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 4.8 • EPSS: 0% • CPEs: - • EXPL: 0

28 Dec 2025 — Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/Hwwg/cve/issues/34 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Dec 2025 — SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode is stored within the session cookie, an attacker who intercepts or obtains a user's encrypted session cookie (e.g., via session hijacking) can locally decrypt it using the public key. Once decrypted, the attacker ca... • https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f7ph-rc3w-qp28 • CWE-321: Use of Hard-coded Cryptographic Key •

CVSS: 6.9 • EPSS: 0% • CPEs: 48 • EXPL: 1

25 Dec 2025 — Performing manipulation of the argument goformId results in information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.338410 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVSS: 8.7 • EPSS: 0% • CPEs: - • EXPL: 1

24 Dec 2025 — V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. • https://www.exploit-db.com/exploits/47433 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

24 Dec 2025 — SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard. • http://www.socatech.com • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data. This issue affects PostX: from n/a through <= 5.0.3. • https://vdp.patchstack.com/database/Wordpress/Plugin/ultimate-post/vulnerability/wordpress-postx-plugin-5-0-3-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data. This issue affects Virusdie: from n/a through <= 1.1.6. • https://vdp.patchstack.com/database/Wordpress/Plugin/virusdie/vulnerability/wordpress-virusdie-plugin-1-1-6-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data. This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5. • https://vdp.patchstack.com/database/Wordpress/Plugin/eight-day-week-print-workflow/vulnerability/wordpress-eight-day-week-print-workflow-plugin-1-2-5-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 3.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix cap_migration information leak Fix an information leak where an uninitialized hole in struct vfio_iommu_type1_info_cap_migration on the stack is exposed to userspace. ... • https://git.kernel.org/stable/c/ad721705d09c62f0d108a6b4f59867ebfd592c90 •