CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-29522 – ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI
https://notcve.org/view.php?id=CVE-2026-29522
16 Mar 2026 — An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files. • https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-1629 – Permalink Preview Information Disclosure After Permission Revocation
https://notcve.org/view.php?id=CVE-2026-1629
16 Mar 2026 — Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel access, which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin. Mattermost Advisory ID: MMSA-2026-00580 • https://mattermost.com/security-updates • CWE-672: Operation on a Resource after Expiration or Release
CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-29516 – Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure
https://notcve.org/view.php?id=CVE-2026-29516
16 Mar 2026 — Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contains an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root. • https://www.vulncheck.com/advisories/buffalo-terastation-ts5400r-excessive-file-permissions-information-disclosure • CWE-732: Incorrect Permission Assignment for Critical Resource
CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52642 – HCL AION is affected by an internal filesystem paths disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-52642
16 Mar 2026 — Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
CVSS: 1.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52649 – HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature
https://notcve.org/view.php?id=CVE-2025-52649
16 Mar 2026 — Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-2578 – Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts
https://notcve.org/view.php?id=CVE-2026-2578
16 Mar 2026 — Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion, which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579 • https://mattermost.com/security-updates • CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-12736 – multimedia_audio_standard has an insecure storage of sensitive information vulnerability
https://notcve.org/view.php?id=CVE-2025-12736
16 Mar 2026 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a sensitive information leak through use of an uninitialized resource. • https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-12.md • CWE-908: Use of Uninitialized Resource
CVSS: 2.5 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2026-4218 – myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
https://notcve.org/view.php?id=CVE-2026-4218
16 Mar 2026 — Performing a manipulation of the argument AUTH_KEY results in information disclosure. • https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-4155 – ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-4155
16 Mar 2026 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
CVSS: 8.7 • EPSS: 0% • CPEs: 4 • EXPL: 2 • CVE-2017-20217 – Serviio PRO 1.8 REST API Information Disclosure
https://notcve.org/view.php?id=CVE-2017-20217
15 Mar 2026 — Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. • https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure • CWE-306: Missing Authentication for Critical Function
