CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0907 – PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0907
31 Jan 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other ... •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0908 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0908
31 Jan 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other ... •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0909 – PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0909
31 Jan 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other ... •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2025-0911 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0911
31 Jan 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other ... •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24784 – kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
https://notcve.org/view.php?id=CVE-2025-24784
30 Jan 2025 — kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considered safe to allow non-admin users to create and manage these resources in the namespaces they own. Kubewarden policies can be allowed to query the Kubernetes API at evaluation time; these types of policies are called ... • https://github.com/kubewarden/kubewarden-controller/commit/51a88dfbb4c090ce0f76a22d98106518e0824d0b • CWE-285: Improper Authorization •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22222 – VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)
https://notcve.org/view.php?id=CVE-2025-22222
30 Jan 2025 — VMware Aria Operations contains an information disclosure vulnerability. ... VMware Aria Operations contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22218 – VMware Aria Operations for Logs information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-22218
30 Jan 2025 — VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs VMware Aria Operations for Logs contains an information disclosure vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35907 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-35907
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37413 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37413
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. • https://www.ibm.com/support/pages/node/7181814 • CWE-204: Observable Response Discrepancy •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37398 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37398
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •