CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-52026
https://notcve.org/view.php?id=CVE-2025-52026
23 Jan 2026 — An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. • http://aptsys.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-69907
https://notcve.org/view.php?id=CVE-2025-69907
23 Jan 2026 — An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. • https://github.com/CBx216/CVE-Newgen-Software-Advisories/blob/main/CVE-2025-69907.md • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-69908
https://notcve.org/view.php?id=CVE-2025-69908
23 Jan 2026 — An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource. • https://github.com/CBx216/CVE-Newgen-Software-Advisories/blob/main/CVE-2025-69908.md • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2026-21521 – Word Copilot Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21521
22 Jan 2026 — Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21521 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2026-24307 – M365 Copilot Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-24307
22 Jan 2026 — Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24307 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2026-21524 – Azure Data Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21524
22 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21524 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2026-21520 – Copilot Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21520
22 Jan 2026 — Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21520 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-20883 – Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure
https://notcve.org/view.php?id=CVE-2026-20883
22 Jan 2026 — Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches. • https://blog.gitea.com/release-of-1.25.4 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2026-24377 – WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-24377
22 Jan 2026 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3. • https://patchstack.com/database/Wordpress/Plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-6-3-sensitive-data-exposure-vulnerability? • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 1.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12738 – Enumeration of restricted property value
https://notcve.org/view.php?id=CVE-2025-12738
22 Jan 2026 — Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. • https://neo4j.com/security/CVE-2025-12738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •