CVSS: 5.3 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-35545
https://notcve.org/view.php?id=CVE-2026-35545
03 Apr 2026 — This may lead to information disclosure or access-control bypass. • https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 5.3 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-35543
https://notcve.org/view.php?id=CVE-2026-35543
03 Apr 2026 — This may lead to information disclosure or access-control bypass. • https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 5.3 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-35542
https://notcve.org/view.php?id=CVE-2026-35542
03 Apr 2026 — This may lead to information disclosure or access-control bypass. • https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 5.4 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-35540
https://notcve.org/view.php?id=CVE-2026-35540
03 Apr 2026 — Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. • https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 9.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-32211 – Azure MCP Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-32211
02 Apr 2026 — Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32211 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.6 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-32173 – Azure SRE Agent Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-32173
02 Apr 2026 — Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173 • CWE-287: Improper Authentication •
CVSS: 7.5 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-34785 – Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching
https://notcve.org/view.php?id=CVE-2026-34785
02 Apr 2026 — As a result, files under the static root whose names merely share the configured prefix may be served unintentionally, leading to information disclosure. • https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq • CWE-187: Partial String Comparison • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-33533 – Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
https://notcve.org/view.php?id=CVE-2026-33533
02 Apr 2026 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" (POST with Content-Type: text/plain) containing a valid XML-RPC payload. The browser sends the request without a preflight check, the server processes ... • https://github.com/nicolargo/glances/commit/dcb39c3f12b2a1eec708c58d22d7a1d62bdf5fa1 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 6.9 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-34973 – phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
https://notcve.org/view.php?id=CVE-2026-34973
02 Apr 2026 — An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. • https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1 • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 7.3 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-3872 – Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
https://notcve.org/view.php?id=CVE-2026-3872
02 Apr 2026 — A successful attack may lead to the theft of an access token, resulting in information disclosure. • https://access.redhat.com/errata/RHSA-2026:6475 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
