
CVE-2025-6814 – Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function
https://notcve.org/view.php?id=CVE-2025-6814
03 Jul 2025 — The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request. • https://plugins.trac.wordpress.org/browser/booking-x/tags/1.1.2/admin/class-bookingx-admin.php#L784 • CWE-862: Missing Authorization •

CVE-2025-6590 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6590
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6591 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6591
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6593 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6593
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6594 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6594
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6595 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6595
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6597 – Debian Security Advisory 5957-1
https://notcve.org/view.php?id=CVE-2025-6597
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. •

CVE-2025-6926 – Security Authentication Bypass in CentralAuth
https://notcve.org/view.php?id=CVE-2025-6926
03 Jul 2025 — Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. • https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 • CWE-287: Improper Authentication •

CVE-2025-34072 – Anthropic Slack MCP Server Data Exfiltration via Link Unfurling
https://notcve.org/view.php?id=CVE-2025-34072
02 Jul 2025 — A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private d... • https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage • CWE-20: Improper Input Validation • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-34057 – Ruijie NBR Router Administrative Credential Disclosure
https://notcve.org/view.php?id=CVE-2025-34057
02 Jul 2025 — An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. ... • https://vulncheck.com/advisories/ruijie-nbr-router-administrative-credential-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function •