CVSS: 9.1 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-12082 – CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
https://notcve.org/view.php?id=CVE-2025-12082
29 Oct 2025 — Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0. • https://www.drupal.org/sa-contrib-2025-112 • CWE-863: Incorrect Authorization
CVSS: 9.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-9954 – Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105
https://notcve.org/view.php?id=CVE-2025-9954
29 Oct 2025 — Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5. • https://www.drupal.org/sa-contrib-2025-105 • CWE-862: Missing Authorization
CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-64228 – WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-64228
29 Oct 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data. This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. • https://vdp.patchstack.com/database/Wordpress/Plugin/affs/vulnerability/wordpress-sumo-affiliates-pro-plugin-11-0-0-sensitive-data-exposure-vulnerability • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2025-40035 – Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
https://notcve.org/view.php?id=CVE-2025-40035
28 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak. Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. • https://git.kernel.org/stable/c/2d56f3a32c0e62f99c043d2579840f9731fe5855
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62524 – PILOS Exposes PHP version
https://notcve.org/view.php?id=CVE-2025-62524
27 Oct 2025 — This information disclosure vulnerability originates from PHP’s base image. ... This information disclosure vulnerability has been patched in PILOS in v4.8.0. • https://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-12297 – atjiu pybbs UserApiController.java information disclosure
https://notcve.org/view.php?id=CVE-2025-12297
27 Oct 2025 — The manipulation results in information disclosure. ... The manipulation causes information disclosure. • https://vuldb.com/?ctiid.329965 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control
CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2025-12276 – LearnHouse Image information disclosure
https://notcve.org/view.php?id=CVE-2025-12276
27 Oct 2025 — The manipulation results in information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://gist.github.com/KhanMarshaI/4a89e9d807094b6dd4a138bc5664e748 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-62895 – WordPress Atarim plugin <= 4.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-62895
27 Oct 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2. • https://vdp.patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-sensitive-data-exposure-vulnerability • CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-34293 – GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34293
24 Oct 2025 — GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account. • https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure • CWE-639: Authorization Bypass Through User-Controlled Key
CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62716 – Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter
https://notcve.org/view.php?id=CVE-2025-62716
24 Oct 2025 — The issue can be exploited without authentication and has severe impact, including information disclosure, privilege escalation, and modifications of administrative settings. • https://github.com/makeplane/plane/security/advisories/GHSA-6fj7-xgpg-mj6f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
