
CVE-2025-42903 – User Enumeration and Sensitive Data Exposure via RFC Function in SAP Financial Service Claims Management
https://notcve.org/view.php?id=CVE-2025-42903
14 Oct 2025 — A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability. • https://me.sap.com/notes/3656781 • CWE-204: Observable Response Discrepancy •

CVE-2025-62362 – Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
https://notcve.org/view.php?id=CVE-2025-62362
13 Oct 2025 — This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. • https://github.com/GPP-Woo/GPP-burgerportaal/security/advisories/GHSA-pgg6-2865-2788 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVE-2025-61688 – Omni leaks information via the API
https://notcve.org/view.php?id=CVE-2025-61688
13 Oct 2025 — Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API. • https://github.com/siderolabs/omni/security/advisories/GHSA-77r9-w39m-9xh5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-10732 – SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure
https://notcve.org/view.php?id=CVE-2025-10732
13 Oct 2025 — The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. ... This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve sensitive information including API keys for Google reCAPTCHA, Cloudflare Turnstile, hCaptcha, admin email addresses, and security-related form settings. • https://plugins.trac.wordpress.org/browser/sureforms/tags/1.12.0/inc/global-settings/global-settings.php#L314 • CWE-862: Missing Authorization •

CVE-2025-11647 – Tomofun Furbo 360/Furbo Mini GATT Service information disclosure
https://notcve.org/view.php?id=CVE-2025-11647
12 Oct 2025 — This manipulation of the argument DeviceToken causes information disclosure. ... By manipulating the argument DeviceToken with unknown data, an information disclosure vulnerability can be exploited. • https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-DeviceToken.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •

CVE-2025-11646 – Tomofun Furbo 360/Furbo Mini GATT Service access control
https://notcve.org/view.php?id=CVE-2025-11646
12 Oct 2025 — A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. • https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •

CVE-2025-11634 – Tomofun Furbo 360/Furbo Mini UART information disclosure
https://notcve.org/view.php?id=CVE-2025-11634
12 Oct 2025 — The manipulation results in information disclosure. ... The manipulation leads to information disclosure. • https://vuldb.com/?ctiid.328045 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •

CVE-2025-9549 – Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
https://notcve.org/view.php?id=CVE-2025-9549
10 Oct 2025 — Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. • https://www.drupal.org/sa-contrib-2025-099 • CWE-862: Missing Authorization •

CVE-2025-23282
https://notcve.org/view.php?id=CVE-2025-23282
10 Oct 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-23282 • CWE-415: Double Free •

CVE-2025-23280
https://notcve.org/view.php?id=CVE-2025-23280
10 Oct 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-23280 • CWE-416: Use After Free •