CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0907 – PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0907
31 Jan 2025 — The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0908 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0908
31 Jan 2025 — The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0909 – PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0909
31 Jan 2025 — The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0911 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0911
31 Jan 2025 — The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0683 – Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor
https://notcve.org/view.php?id=CVE-2025-0683
30 Jan 2025 — In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. In its default configura... • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24784 – kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
https://notcve.org/view.php?id=CVE-2025-24784
30 Jan 2025 — kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considered safe to allow non-admin users to create and manage these resources in the namespaces they own. Kubewarden policies can be allowed to query the Kubernetes API at evaluation time; these types of policies are called ... • https://github.com/kubewarden/kubewarden-controller/commit/51a88dfbb4c090ce0f76a22d98106518e0824d0b • CWE-285: Improper Authorization •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22222 – VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)
https://notcve.org/view.php?id=CVE-2025-22222
30 Jan 2025 — VMware Aria Operations contains an information disclosure vulnerability. ... VMware Aria Operations contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22218 – VMware Aria Operations for Logs information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-22218
30 Jan 2025 — VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs VMware Aria Operations for Logs contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35907 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-35907
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37413 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37413
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. • https://www.ibm.com/support/pages/node/7181814 • CWE-204: Observable Response Discrepancy •