CVSS: 4.3 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2026-25941 – FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2026-25941
25 Feb 2026 — This can lead to information disclosure or client crashes when a user connects to a malicious server. • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3546-x645-5cf8 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read
CVSS: 5.7 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-24487 – OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource
https://notcve.org/view.php?id=CVE-2026-24487
25 Feb 2026 — This could potentially lead to unauthorized disclosure of Protected Health Information (PHI), including patient-provider relationships and care team structures across the entire system. • https://github.com/openemr/openemr/commit/5ce10a3961b73862aaf31eb30044ffe1018465cc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization
CVSS: 7.5 • EPSS: % • CPEs: 128 • EXPL: 0 • CVE-2026-20128 – Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20128
25 Feb 2026 — A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading th... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v • CWE-257: Storing Passwords in a Recoverable Format
CVSS: 6.5 • EPSS: % • CPEs: 289 • EXPL: 0 • CVE-2026-20133 – Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20133
25 Feb 2026 — A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. ... A successful exploit could allow the attacker to read sensitive information on the underlying operating system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 4.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-25135 – $export operation returns entire patient/user population contact information
https://notcve.org/view.php?id=CVE-2026-25135
25 Feb 2026 — Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the system/(Group,Patient,*).... This disclosure will only occur in extremely high trust environments as it requires using a confidential client with secure key exchange that requires an administrator to enable and grant permission before the app can even be used. • https://github.com/openemr/openemr/commit/7ab23dfe73ebd16dd66a526272f3761f1bd5be7d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-2493 – IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-2493
25 Feb 2026 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. ... An attacker can leverage this vulnerability to disclose information in the context of root.
CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-24241
https://notcve.org/view.php?id=CVE-2026-24241
24 Feb 2026 — A successful exploit of this vulnerability might lead to information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2026-24241 • CWE-287: Improper Authentication
CVSS: 4.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-27468 – Mastodon may allow unconfirmed FASP to make subscriptions
https://notcve.org/view.php?id=CVE-2026-27468
24 Feb 2026 — Done once, this leads to minor information leak of URIs that are publicly available anyway. • https://github.com/mastodon/mastodon/commit/6ba6285a73c3a8b281123814d45f534e3bcebb96 • CWE-862: Missing Authorization
CVSS: - • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-2803 – Information disclosure, mitigation bypass in the Settings UI component
https://notcve.org/view.php?id=CVE-2026-2803
24 Feb 2026 — Information disclosure, mitigation bypass in the Settings UI component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2012012
CVSS: - • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-2794 – Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android
https://notcve.org/view.php?id=CVE-2026-2794
24 Feb 2026 — Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. • https://bugzilla.mozilla.org/show_bug.cgi?id=2008365
