CVSS: 3.1EPSS: %CPEs: -EXPL: 0CVE-2026-4874 – Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation
https://notcve.org/view.php?id=CVE-2026-4874
26 Mar 2026 — Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure. • https://access.redhat.com/security/cve/CVE-2026-4874 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 2.5EPSS: %CPEs: 4EXPL: 1CVE-2026-4823 – Enter Software Iperius Backup NTLM2 information disclosure
https://notcve.org/view.php?id=CVE-2026-4823
25 Mar 2026 — Executing a manipulation can lead to information disclosure. • https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/ntlm-relay-credential-exposure.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2026-2484 – IBM InfoSphere Information Server Information Disclosure
https://notcve.org/view.php?id=CVE-2026-2484
25 Mar 2026 — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages • https://www.ibm.com/support/pages/node/7266767 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2026-1262 – IBM InfoSphere Information Server Information Disclosure
https://notcve.org/view.php?id=CVE-2026-1262
25 Mar 2026 — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. • https://www.ibm.com/support/pages/node/7266748 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2026-27496 – n8n has In-Process Memory Disclosure in its Task Runner
https://notcve.org/view.php?id=CVE-2026-27496
25 Mar 2026 — Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens — resulting in information disclosure of sensitive in-process data. • https://docs.n8n.io/hosting/configuration/task-runners • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2026-32538 – WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-32538
25 Mar 2026 — Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24. • https://patchstack.com/database/Wordpress/Plugin/smtp-mailer/vulnerability/wordpress-smtp-mailer-plugin-1-1-24-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2026-25344 – WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-25344
25 Mar 2026 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6. • https://patchstack.com/database/Wordpress/Plugin/review-schema/vulnerability/wordpress-review-schema-plugin-2-2-6-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2026-25339 – WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-25339
25 Mar 2026 — Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through <= 1.9.8.7. • https://patchstack.com/database/Wordpress/Plugin/wpforms-lite/vulnerability/wordpress-contact-form-by-wpforms-plugin-1-9-8-7-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2026-3216 – Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
https://notcve.org/view.php?id=CVE-2026-3216
25 Mar 2026 — Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1. • https://www.drupal.org/sa-contrib-2026-017 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-20695
https://notcve.org/view.php?id=CVE-2026-20695
25 Mar 2026 — An information disclosure issue was addressed with improved memory management. • https://support.apple.com/en-us/126794 •