CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-29516 – Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure
https://notcve.org/view.php?id=CVE-2026-29516
16 Mar 2026 — Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root. • https://www.vulncheck.com/advisories/buffalo-terastation-ts5400r-excessive-file-permissions-information-disclosure • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 2.5 • EPSS: 0% • CPEs: 4 • EXPL: 1 • CVE-2026-4250 – Albert Sağlık Hizmetleri ve Ticaret Albert Health Google Cloud Service Account Key service-account.json credentials storage
https://notcve.org/view.php?id=CVE-2026-4250
16 Mar 2026 — The vendor was contacted early about this disclosure but did not respond in any way. • https://www.notion.so/Google-Cloud-Service-Account-Key-Exposure-Leading-to-Unauthorized-Data-Access-in-albert-health-3192de3f97fb800d8ebddef9f259223b? • CWE-255: Credentials Management Errors CWE-256: Plaintext Storage of a Password •
CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52642 – HCL AION is affected by an internal filesystem paths disclosure vulnerability
https://notcve.org/view.php?id=CVE-2025-52642
16 Mar 2026 — Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 1.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-52649 – HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature
https://notcve.org/view.php?id=CVE-2025-52649
16 Mar 2026 — Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-2578 – Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts
https://notcve.org/view.php?id=CVE-2026-2578
16 Mar 2026 — Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579 • https://mattermost.com/security-updates • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-15554 – Admin Passwords Cached by Browsers in Truesec LAPSWebUI
https://notcve.org/view.php?id=CVE-2025-15554
16 Mar 2026 — Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords. • https://labs.reversec.com/advisories/2026/03/admin-passwords-cached-by-browsers-in-truesec-lapswebui • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-26474 – communication_ipc an improper input validation vulnerability
https://notcve.org/view.php?id=CVE-2025-26474
16 Mar 2026 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause information improper input. • https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md • CWE-20: Improper Input Validation •
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-12736 – multimedia_audio_standard has an insecure storage of sensitive information vulnerability
https://notcve.org/view.php?id=CVE-2025-12736
16 Mar 2026 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause sensitive information leak through use of uninitialized resource. • https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-12.md • CWE-908: Use of Uninitialized Resource •
CVSS: 2.5 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2026-4218 – myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
https://notcve.org/view.php?id=CVE-2026-4218
16 Mar 2026 — Performing a manipulation of the argument AUTH_KEY results in information disclosure. ... The vendor was contacted early about this disclosure but did not respond in any way. • https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2026-4201 – glowxq glowxq-oj SysFileController.java upload unrestricted upload
https://notcve.org/view.php?id=CVE-2026-4201
16 Mar 2026 — This is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. • https://fx4tqqfvdw4.feishu.cn/docx/XM7MdiAtxodVIOx5HXScEdOsn47?from=from_copylink • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
