CVSS: 5.3 • EPSS: % • CPEs: - • EXPL: 0
CVE-2026-0789 – ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-0789
09 Jan 2026 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper management of sensitive information. An attacker can leverage this vulnerability to disclose information in the context of the device.
CVSS: 5.3 • EPSS: % • CPEs: - • EXPL: 0
CVE-2026-0790 – ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-0790
09 Jan 2026 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. By navigating directly to a URL, a user can gain unauthorized access to data. An attacker can leverage this vulnerability to disclose information in the context of the device.
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-4596 – Information disclosure via IDOR in Asseco AMDX
https://notcve.org/view.php?id=CVE-2025-4596
08 Jan 2026 — Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX. • https://cert.pl/en/posts/2026/01/CVE-2025-4596 • CWE-639: Authorization Bypass Through User-Controlled Key
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2026-21880 – Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
https://notcve.org/view.php?id=CVE-2026-21880
08 Jan 2026 — Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49. • https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff8668586 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 2
CVE-2017-20212 – FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading
https://notcve.org/view.php?id=CVE-2017-20212
07 Jan 2026 — FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. • https://cxsecurity.com/issue/WLB-2017090202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2026-22190 – Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure
https://notcve.org/view.php?id=CVE-2026-22190
07 Jan 2026 — Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values. • https://www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosure • CWE-134: Use of Externally-Controlled Format String
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2026-22539 – INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP)
https://notcve.org/view.php?id=CVE-2026-22539
07 Jan 2026 — As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. • https://cds.thalesgroup.com/en • CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2026-22537 – INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM
https://notcve.org/view.php?id=CVE-2026-22537
07 Jan 2026 — The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. • https://cds.thalesgroup.com/en • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS: 4.9 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2026-20029 – Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20029
07 Jan 2026 — A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful e... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt • CWE-611: Improper Restriction of XML External Entity Reference
CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0
CVE-2025-66686
https://notcve.org/view.php?id=CVE-2025-66686
07 Jan 2026 — The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions. • https://github.com/mertdurum06/Perch-v3.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
