CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-28521 – arduino-TuyaOpen TuyaIoT Out-of-Bounds Memory Read Information Disclosure
https://notcve.org/view.php?id=CVE-2026-28521
15 Mar 2026 — An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information disclosure or a denial-of-service condition. • https://www.vulncheck.com/advisories/arduino-tuyaopen-tuyaiot-out-of-bounds-memory-read-information-disclosure • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2026-3441 – Binutils: gnu binutils: information disclosure via specially crafted xcoff object file
https://notcve.org/view.php?id=CVE-2026-3441
15 Mar 2026 — By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service. • https://access.redhat.com/security/cve/CVE-2026-3441 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2026-3442 – Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker
https://notcve.org/view.php?id=CVE-2026-3442
15 Mar 2026 — A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service. • https://access.redhat.com/security/cve/CVE-2026-3442 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 20EXPL: 0CVE-2026-26133 – M365 Copilot Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-26133
13 Mar 2026 — AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133 •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2026-0977 – IBM CICS Transaction Gateway for Multiplatforms Information Disclosure
https://notcve.org/view.php?id=CVE-2026-0977
13 Mar 2026 — IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls. • https://www.ibm.com/support/pages/node/7263518 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-13460 – IBM Aspera Console Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13460
13 Mar 2026 — IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy. • https://www.ibm.com/support/pages/node/7263486 • CWE-204: Observable Response Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-14483 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure
https://notcve.org/view.php?id=CVE-2025-14483
13 Mar 2026 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system. IBM Sterling B2B Integrator y IBM Sterling File Gateway 6.1.0.0 hasta 6.1.2.7_2, 6.2.0.0 hasta 6.2.0.5_1, 6.2.1.0 hasta 6.2.1.1_1, y 6.2.2.0 podrían divulgar información sensible del host a usuarios autenticados en respuestas... • https://www.ibm.com/support/pages/node/7263329 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13718 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13718
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM Sterling Partner Engagement Manager 6.2.3.0 hasta 6.2.3.5 y 6.2.4.0 hasta 6.2.4.2 podría permitir a un atacante remoto obtener información sensible en texto claro en un canal de comunicación que puede ser interceptado por actores no autorizados. • https://www.ibm.com/support/pages/node/7263391 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13723 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13723
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token IBM Sterling Partner Engagement Manager 6.2.3.0 a 6.2.3.5 y 6.2.4.0 a 6.2.4.2 podría permitir a un atacante obtener información sensible del usuario utilizando un token de acceso caducado. • https://www.ibm.com/support/pages/node/7263391 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13726 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13726
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. IBM Sterling Partner Engagement Manager 6.2.3.0 a 6.2.3.5 y 6.2.4.0 a 6.2.4.2 podría permitir a un atacante remoto obtener información sensible cuando se devuelven mensajes de error técnicos detallados. Esta información podría ser util... • https://www.ibm.com/support/pages/node/7263391 • CWE-209: Generation of Error Message Containing Sensitive Information •