CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-66042
https://notcve.org/view.php?id=CVE-2025-66042
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2319 • CWE-125: Out-of-bounds Read •
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-65119
https://notcve.org/view.php?id=CVE-2025-65119
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2320 • CWE-125: Out-of-bounds Read •
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-62403
https://notcve.org/view.php?id=CVE-2025-62403
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2321 • CWE-125: Out-of-bounds Read •
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-20726
https://notcve.org/view.php?id=CVE-2026-20726
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2324 • CWE-125: Out-of-bounds Read •
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2026-22882
https://notcve.org/view.php?id=CVE-2026-22882
17 Mar 2026 — By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2325 • CWE-125: Out-of-bounds Read •
CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • NotCVE-2026-0004 – BestCrypt Volume Encryption improper signature-based sector bypass allows limited cleartext disclosure and plaintext injection
https://notcve.org/view.php?id=NotCVE-2026-0004
17 Mar 2026 — This can cause limited cleartext disclosure when attacker-controlled content shares a sector with sensitive data, and it can allow plaintext injection into a mounted encrypted volume when an attacker can modify the underlying encrypted media. • https://jetico.com/data-encryption/encrypt-hard-drives-bestcrypt-volume-encryption/ • CWE-345: Insufficient Verification of Data Authenticity CWE-312: Cleartext Storage of Sensitive Information CWE-693: Protection Mechanism Failure •
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-28506 – Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
https://notcve.org/view.php?id=CVE-2026-28506
17 Mar 2026 — Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user's actual permissions on those documents. While the document content is not directly exposed, this vulnerability leaks sensitive metadata (... • https://github.com/outline/outline/security/advisories/GHSA-69x7-6fcr-mm6g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-4324 – Rubygem-katello: katello: denial of service and potential information disclosure via sql injection
https://notcve.org/view.php?id=CVE-2026-4324
17 Mar 2026 — This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database. • https://access.redhat.com/security/cve/CVE-2026-4324 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-29522 – ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI
https://notcve.org/view.php?id=CVE-2026-29522
16 Mar 2026 — An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files. • https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-1629 – Permalink Preview Information Disclosure After Permission Revocation
https://notcve.org/view.php?id=CVE-2026-1629
16 Mar 2026 — Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user loses channel access, which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin. Mattermost Advisory ID: MMSA-2026-00580 • https://mattermost.com/security-updates • CWE-672: Operation on a Resource after Expiration or Release •
