CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-33617 – MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint
https://notcve.org/view.php?id=CVE-2026-33617
02 Apr 2026 — An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in some loss of confidentiality, but there is no endpoint exposed to use these credentials. • https://certvde.com/de/advisories/VDE-2026-030 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-32929
https://notcve.org/view.php?id=CVE-2026-32929
01 Apr 2026 — Opening a crafted V7 file may lead to information disclosure from the affected product. • https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb • CWE-125: Out-of-bounds Read •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-32927
https://notcve.org/view.php?id=CVE-2026-32927
01 Apr 2026 — Opening a crafted V7 file may lead to information disclosure from the affected product. • https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb • CWE-125: Out-of-bounds Read •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-32926
https://notcve.org/view.php?id=CVE-2026-32926
01 Apr 2026 — Opening a crafted V7 file may lead to information disclosure from the affected product. • https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb • CWE-125: Out-of-bounds Read •
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-34543 – OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
https://notcve.org/view.php?id=CVE-2026-34543
01 Apr 2026 — From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). • https://github.com/AcademySoftwareFoundation/openexr/commit/5f6d0aaa9e43802917af7db90f181e88e083d3b8 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-4989
https://notcve.org/view.php?id=CVE-2026-4989
01 Apr 2026 — Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through 2026.1.11, from 2025.3.1 through 2025.3.17. • https://devolutions.net/security/advisories/DEVO-2026-0010 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-35094 – Libinput: libinput: information disclosure via dangling pointer in lua plugin handling
https://notcve.org/view.php?id=CVE-2026-35094
01 Apr 2026 — This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. • https://access.redhat.com/security/cve/CVE-2026-35094 • CWE-825: Expired Pointer Dereference •
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-35093 – Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
https://notcve.org/view.php?id=CVE-2026-35093
01 Apr 2026 — A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. • https://access.redhat.com/security/cve/CVE-2026-35093 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-35091 – Corosync: corosync: denial of service and information disclosure via crafted udp packet
https://notcve.org/view.php?id=CVE-2026-35091
01 Apr 2026 — A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration. • https://access.redhat.com/security/cve/CVE-2026-35091 • CWE-253: Incorrect Check of Function Return Value •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-2696 – Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2026-2696
01 Apr 2026 — The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files. • https://wpscan.com/vulnerability/55d627c1-ad05-4cd1-ae7b-932d84c19313 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
