CVSS: 6.9 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-15038
https://notcve.org/view.php?id=CVE-2025-15038
12 Mar 2026 — This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information. • https://www.asus.com/content/security-advisory • CWE-125: Out-of-bounds Read •
CVSS: 6.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-15037
https://notcve.org/view.php?id=CVE-2025-15037
12 Mar 2026 — This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information. • https://www.asus.com/content/security-advisory • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.7 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-32131 – ZITADEL Cross-Tenant Information Disclosure in Management API
https://notcve.org/view.php?id=CVE-2026-32131
11 Mar 2026 — ., project.read, project.grant.read, or project.app.read) to retrieve management-plane information belonging to other organizations by specifying a different tenant’s project_id, grant_id, or app_id. • https://github.com/zitadel/zitadel/releases/tag/v3.4.8 • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-862: Missing Authorization •
CVSS: 7.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-32102 – OliveTin Unauthorized Action Output Disclosure via EventStream
https://notcve.org/view.php?id=CVE-2026-32102
11 Mar 2026 — A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure. • https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization •
CVSS: 8.7 • EPSS: % • CPEs: - • EXPL: 1 • CVE-2019-25465 – Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal
https://notcve.org/view.php?id=CVE-2019-25465
11 Mar 2026 — Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings. • https://www.vulncheck.com/advisories/hisilicon-hiipcam-vr-information-disclosure-via-directory-traversal • CWE-260: Password in Configuration File •
CVSS: 5.7 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-0231 – Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-0231
11 Mar 2026 — An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and modifying any configuration setting. • https://security.paloaltonetworks.com/CVE-2026-0231 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.4 • EPSS: % • CPEs: 5 • EXPL: 0 • CVE-2026-20166 – Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise
https://notcve.org/view.php?id=CVE-2026-20166
11 Mar 2026 — In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come wit... • https://advisory.splunk.com/advisories/SVD-2026-0305 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5 • EPSS: % • CPEs: 7 • EXPL: 0 • CVE-2026-20164 – Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2026-20164
11 Mar 2026 — This vulnerability could allow for the unauthorized disclosure of sensitive credentials. • https://advisory.splunk.com/advisories/SVD-2026-0303 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3 • EPSS: % • CPEs: 8 • EXPL: 0 • CVE-2026-20165 – Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2026-20165
11 Mar 2026 — In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel. • https://advisory.splunk.com/advisories/SVD-2026-0304 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2026-31844 – Authenticated SQL Injection in Koha displayby parameter of suggestion.pl
https://notcve.org/view.php?id=CVE-2026-31844
11 Mar 2026 — A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and exposure of sensitive database information. Successful exploitation may lead to full compromise of the backend database, including disclosure or modification of stored data. • https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41593 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
