CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2026-42058 – BIG-IP iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2026-42058
13 May 2026 — An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. • https://my.f5.com/manage/s/article/K000160903 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVSS: 6.9 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2026-41954 – iControl REST and tmsh vulnerability
https://notcve.org/view.php?id=CVE-2026-41954
13 May 2026 — Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. • https://my.f5.com/manage/s/article/K32950402 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-9987 – Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2025-9987
13 May 2026 — The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details. • https://plugins.trac.wordpress.org/changeset/3524817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-44012 – Craft CMS: Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure
https://notcve.org/view.php?id=CVE-2026-44012
12 May 2026 — Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (including volume handle, volume UID, folder names, folder UIDs, and folder URI paths) without checking whether the requesting user has viewAssets or viewPeerAssets permission on the asset’s volume. Any authenticated CP user — even one with zero volume permissions — can enumerate asset filenames and the full fold... • https://github.com/craftcms/cms/commit/e3f3eaab3d85badd713cfc2c24e5f0792ecdb586 • CWE-862: Missing Authorization
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-42541 – Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call
https://notcve.org/view.php?id=CVE-2026-42541
12 May 2026 — This is an information disclosure / reconnaissance issue, and not direct workload data exfiltration. • https://github.com/kubewarden/adm-controller/security/advisories/GHSA-wqcw-g35j-j578 • CWE-862: Missing Authorization
CVSS: 7.8 • EPSS: 0% • CPEs: 23 • EXPL: 0 • CVE-2026-34336 – Windows DWM Core Library Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-34336
12 May 2026 — Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34336 • CWE-126: Buffer Over-read
CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-41107 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-41107
12 May 2026 — External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41107 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-41612 – Visual Studio Code Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-41612
12 May 2026 — Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41612 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-40421 – Microsoft Word Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-40421
12 May 2026 — External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40421 • CWE-73: External Control of File Name or Path
CVSS: 7.5 • EPSS: 0% • CPEs: 25 • EXPL: 0 • CVE-2026-40406 – Windows TCP/IP Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-40406
12 May 2026 — Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40406 • CWE-416: Use After Free
