CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers

258 results
CVE-2025-60095 4.3 MEDIUM EPSS 0.00
Benjamin Intal Stackable <3.18.1 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1.
CWE-201 Sep 26, 2025
CVE-2025-59010 7.5 HIGH EPSS 0.00
Permalink Manager Lite <2.5.1.3 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite allows Retrieve Embedded Sensitive Data. This issue affects Permalink Manager Lite: from n/a through 2.5.1.3.
CWE-201 Sep 26, 2025
CVE-2025-58246 4.3 MEDIUM EPSS 0.00
WordPress <6.8.2-6.6.3 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
CWE-201 Sep 23, 2025
CVE-2025-43814 6.5 MEDIUM EPSS 0.00
Liferay Portal <7.4.3.112 & DXP <2023.Q4.8 - Info Disclosure
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions, the audit events record a user’s password reminder answer, which allows remote authenticated users to obtain a user’s password reminder answer via the audit events.
CWE-201 Sep 22, 2025
CVE-2025-58649 4.3 MEDIUM EPSS 0.00
Syed Balkhi All In One SEO Pack <4.8.7 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: from n/a through 4.8.7.
CWE-201 Sep 22, 2025
CVE-2025-58252 4.3 MEDIUM EPSS 0.00
jetmonsters Getwid <2.1.2 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through 2.1.2.
CWE-201 Sep 22, 2025
CVE-2025-58249 4.3 MEDIUM EPSS 0.00
Themeum Qubely <1.8.14 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through 1.8.14.
CWE-201 Sep 22, 2025
CVE-2025-58226 5.3 MEDIUM EPSS 0.00
iberezansky 3D FlipBook - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16.
CWE-201 Sep 22, 2025
CVE-2025-57923 5.3 MEDIUM EPSS 0.00
Ideal Postcodes UK Address Postcode Validation WordPress plugin - I...
An Insertion of Sensitive Information into Sent Data vulnerability in the Ideal Postcodes UK Address Postcode Validation WordPress plugin exposes the API key, allowing unauthorized third parties to retrieve and reuse the key across any domain. Since API keys are unrestricted by default, with the “Allowed URLs” field left empty upon creation of the API key, this can lead to unauthorized use and depletion of API credits. Note: the vulnerability is assessed based on the default configuration. This issue affects UK Address Postcode Validation: from n/a through 3.9.2.
CWE-201 Sep 22, 2025
CVE-2025-57922 5.3 MEDIUM EPSS 0.00
Coordinadora Woocommerce <1.1.31 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a through 1.1.31.
CWE-201 Sep 22, 2025
CVE-2025-5519 6.5 MEDIUM EPSS 0.00
ArgusTech BILGER <2.4.6 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in ArgusTech BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.6.
CWE-201 Sep 16, 2025
CVE-2025-58872 6.5 MEDIUM EPSS 0.00
premiumbizthemes Simple Price Calculator <1.3 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator allows Retrieve Embedded Sensitive Data. This issue affects Simple Price Calculator: from n/a through 1.3.
CWE-201 Sep 05, 2025
CVE-2025-44017 4.3 MEDIUM EPSS 0.00
Gunosy App - Info Disclosure
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
CWE-201 Sep 02, 2025
CVE-2025-55750 6.5 MEDIUM 1 Writeup EPSS 0.00
Gitpod <main-gha.33628 - CSRF
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment when clicked by an authenticated user. This resulted from how Bitbucket returned tokens and how Gitpod handled the redirect flow. The issue was limited to Bitbucket (GitHub and GitLab integrations were not affected), required user interaction, and has been mitigated through redirect handling and OAuth logic hardening. The issue was resolved in main-gha.33628 and later. There are no workarounds.
CWE-201 Aug 29, 2025
CVE-2025-48361 5.3 MEDIUM EPSS 0.00
Hesabfa Accounting <2.2.4 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4.
CWE-201 Aug 28, 2025
CVE-2025-20348 5.0 MEDIUM EPSS 0.00
Cisco Nexus Dashboard - Info Disclosure
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device.
CWE-201 Aug 27, 2025
CVE-2025-43768 7.7 HIGH EPSS 0.00
Liferay Portal/DXP <7.4.3.131, <2024.Q4.7, <2024.Q3.13, <2024.Q2.13...
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs.
CWE-201 Aug 23, 2025
CVE-2025-41415 6.5 MEDIUM EPSS 0.00
Unknown - Info Disclosure
The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.
CWE-201 Aug 21, 2025
CVE-2025-55715 7.5 HIGH EPSS 0.00
Themeisle Otter - Gutenberg Block <3.1.0 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.
CWE-201 Aug 20, 2025
CVE-2025-54008 6.5 MEDIUM EPSS 0.00
Crocoblock JetSmartFilters <3.6.7 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through 3.6.7.
CWE-201 Aug 20, 2025