CVSS: 9.0EPSS: %CPEs: 2EXPL: 0CVE-2026-23492 – Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848
https://notcve.org/view.php?id=CVE-2026-23492
14 Jan 2026 — Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. • https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 1CVE-2026-22211 – TinyOS <= 2.1.2 Global Buffer Overflow in printfUART
https://notcve.org/view.php?id=CVE-2026-22211
14 Jan 2026 — This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output. • https://github.com/tinyos/tinyos-main • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66005 – Lack of Authentication in the InputManager D-Bus interface
https://notcve.org/view.php?id=CVE-2025-66005
14 Jan 2026 — Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session. Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66005 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-20958 – Microsoft SharePoint Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20958
13 Jan 2026 — Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20958 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20939 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20939
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20939 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20937 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20937
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20936 – Windows NDIS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20936
13 Jan 2026 — Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20936 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2026-20935 – Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20935
13 Jan 2026 — Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20935 • CWE-822: Untrusted Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2026-20862 – Windows Management Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20862
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20932 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20932
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •