CVSS: 6.9EPSS: %CPEs: 8EXPL: 0CVE-2026-0853 – A-Plus Video Technologies|NVR - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2026-0853
12 Jan 2026 — Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information. • https://www.twcert.org.tw/en/cp-139-10621-55584-2.html • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-65090 – XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
https://notcve.org/view.php?id=CVE-2025-65090
10 Jan 2026 — Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. • https://github.com/xwiki-contrib/macro-fullcalendar/commit/25bc14c181c9a92f493b20ac264388c7ba171884 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-46676
https://notcve.org/view.php?id=CVE-2025-46676
09 Jan 2026 — A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-66049 – Unprotected RTSP stream in Vivotek IP7137 cameras
https://notcve.org/view.php?id=CVE-2025-66049
09 Jan 2026 — Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. ... Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. • https://cert.pl/posts/2026/01/CVE-2025-66049 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-67004
https://notcve.org/view.php?id=CVE-2025-67004
09 Jan 2026 — An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. • https://gist.github.com/thepiyushkumarshukla/d01f8004c43692f18c75548f4739955a •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2026-0767 – Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-0767
09 Jan 2026 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2026-0789 – ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-0789
09 Jan 2026 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper management of sensitive information. An attacker can leverage this vulnerability to disclose information in the context of the device. •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2026-0790 – ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-0790
09 Jan 2026 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. By navigating directly to a URL, a user can gain unauthorized access to data. An attacker can leverage this vulnerability to disclose information in the context of the device. •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4596 – Information disclosure via IDOR in Asseco AMDX
https://notcve.org/view.php?id=CVE-2025-4596
08 Jan 2026 — Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX. Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX. • https://cert.pl/en/posts/2026/01/CVE-2025-4596 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-67931 – WordPress BulletProof Security plugin <= 6.9 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-67931
08 Jan 2026 — Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9. • https://vdp.patchstack.com/database/Wordpress/Plugin/bulletproof-security/vulnerability/wordpress-bulletproof-security-plugin-6-9-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •