CVSS: 4.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-40895 – HTML injection in Sensor Map in CMC before 25.6.0
https://notcve.org/view.php?id=CVE-2025-40895
04 Mar 2026 — Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration. • https://security.nozominetworks.com/NN-2025:17-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 4.4 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2025-40894 – HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0
https://notcve.org/view.php?id=CVE-2025-40894
04 Mar 2026 — Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration. • https://security.nozominetworks.com/NN-2025:16-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.7 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-21426
https://notcve.org/view.php?id=CVE-2026-21426
04 Mar 2026 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. • https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities • CWE-250: Execution with Unnecessary Privileges
CVSS: 6.7 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-21423
https://notcve.org/view.php?id=CVE-2026-21423
04 Mar 2026 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure. • https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities • CWE-276: Incorrect Default Permissions
CVSS: 6.7 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-22270
https://notcve.org/view.php?id=CVE-2026-22270
04 Mar 2026 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. • https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities • CWE-427: Uncontrolled Search Path Element
CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-2747 – PGP Mixed Plaintext and Encrypted Content
https://notcve.org/view.php?id=CVE-2026-2747
04 Mar 2026 — SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor. • https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-2025 – Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure
https://notcve.org/view.php?id=CVE-2026-2025
04 Mar 2026 — The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoints, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog. • https://wpscan.com/vulnerability/1b815cde-cd9d-46fa-a6ab-3d2851705e7b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13616 – DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response
https://notcve.org/view.php?id=CVE-2025-13616
03 Mar 2026 — IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7261771 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-64736
https://notcve.org/view.php?id=CVE-2025-64736
03 Mar 2026 — A specially crafted .abf file can lead to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323 • CWE-125: Out-of-bounds Read
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-1980 – WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure
https://notcve.org/view.php?id=CVE-2026-1980
03 Mar 2026 — The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender. • https://plugins.trac.wordpress.org/browser/wpbookit/tags/1.0.8/core/admin/classes/class.wpb-admin-routes.php#L146 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
