CVSS: 8.7 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-32268 – Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2026-32268
18 Mar 2026 — The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The `DefaultController->actionLoadContainerData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error messages, additional attack vectors are also exposed. Users should... • https://github.com/craftcms/azure-blob/commit/cf69db45f393b3508a32f89ac8235554a2f026ff • CWE-862: Missing Authorization •
CVSS: 5.8 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-4366 – Keycloak-services: blind server-side request forgery (SSRF) via HTTP redirect handling in Keycloak
https://notcve.org/view.php?id=CVE-2026-4366
18 Mar 2026 — This issue may lead to information disclosure and enable attackers to map internal network infrastructure. • https://access.redhat.com/security/cve/CVE-2026-4366 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 2.4 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-32266 – Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-32266
18 Mar 2026 — The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the `DefaultController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to mitigate the issue. • https://github.com/craftcms/google-cloud/commit/651bacaa5f5fd7813e4075e0747b1d706391fb2c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-32265 – Amazon S3 for Craft CMS has an Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2026-32265
18 Mar 2026 — The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The `BucketsController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to mitigate the issue. • https://github.com/craftcms/aws-s3/commit/ef8904d8b6856e4a52893a9e1e52988ae110aa3f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.6 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-30884 – mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key
https://notcve.org/view.php?id=CVE-2026-30884
18 Mar 2026 — The `core_get_fragment` callback `editelement` and the `mod_customcert_save_element` web service both fail to verify that the supplied `elementid` belongs to the authorized context, enabling cross-course information disclosure and data tampering. • https://github.com/mdjnelson/moodle-mod_customcert/commit/a1494a80fb953f187f7888a7394cbf9d13c28468 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.7 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-2092 – Keycloak-services: Keycloak: unauthorized access via improper validation of encrypted SAML assertions
https://notcve.org/view.php?id=CVE-2026-2092
18 Mar 2026 — This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure. • https://access.redhat.com/errata/RHSA-2026:3925 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 6.5 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-1267 – IBM Planning Analytics Information Disclosure
https://notcve.org/view.php?id=CVE-2026-1267
17 Mar 2026 — IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionality due to a lack of proper access controls. • https://www.ibm.com/support/pages/node/7263581 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-14806 – IBM Planning Analytics Information Disclosure
https://notcve.org/view.php?id=CVE-2025-14806
17 Mar 2026 — IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources. • https://www.ibm.com/support/pages/node/7263581 • CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-62500
https://notcve.org/view.php?id=CVE-2025-62500
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2298 • CWE-125: Out-of-bounds Read •
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-61979
https://notcve.org/view.php?id=CVE-2025-61979
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2299 • CWE-125: Out-of-bounds Read •
