CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-39412 – LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
https://notcve.org/view.php?id=CVE-2026-39412
08 Apr 2026 — ., multi-tenant template systems) are exposed to information disclosure of sensitive prototype properties such as API keys and tokens. • https://github.com/harttle/liquidjs/commit/e743da0020d34e2ee547e1cc1a86b58377ebe1ce • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2026-34248 – Zammad has an information disclosure in ticket detail view of customers in shared organizations
https://notcve.org/view.php?id=CVE-2026-34248
08 Apr 2026 — Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could see fields which are not intended for customers - including fields not intended for them at all (e.g. priority, custom ticket attributes for internal purposes). This was the case when a customer opened a ticket from another user of the same shared organization. They are not able to modify these field. This vulnerability is fixed in 7.0.1. • https://github.com/zammad/zammad/security/advisories/GHSA-prww-84vh-w978 • CWE-284: Improper Access Control •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-33458 – Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2026-33458
08 Apr 2026 — Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. • https://discuss.elastic.co/t/kibana-9-3-3-security-update-esa-2026-28/385815 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2026-33460 – Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2026-33460
08 Apr 2026 — Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). • https://discuss.elastic.co/t/kibana-8-19-14-9-2-8-9-3-3-security-update-esa-2026-25/385813 • CWE-863: Incorrect Authorization •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2026-33461 – Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2026-33461
08 Apr 2026 — Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). • https://discuss.elastic.co/t/kibana-8-19-14-9-2-8-9-3-3-security-update-esa-2026-24/385812 • CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2025-14816 – Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
https://notcve.org/view.php?id=CVE-2025-14816
08 Apr 2026 — Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions G... • https://jvn.jp/vu/JVNVU90646130 • CWE-317: Cleartext Storage of Sensitive Information in GUI •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2025-14815 – Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
https://notcve.org/view.php?id=CVE-2025-14815
08 Apr 2026 — Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS6... • https://jvn.jp/vu/JVNVU90646130 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2026-24511
https://notcve.org/view.php?id=CVE-2026-24511
08 Apr 2026 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-39711 – WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-39711
08 Apr 2026 — Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. • https://patchstack.com/database/Wordpress/Plugin/rt18-extensions/vulnerability/wordpress-rt-theme-18-extensions-plugin-2-5-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-39709 – WordPress The Tribal plugin <= 1.3.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-39709
08 Apr 2026 — Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4. • https://patchstack.com/database/Wordpress/Plugin/the-tech-tribe/vulnerability/wordpress-the-tribal-plugin-1-3-4-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •