CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-23983 – Apache Superset: Sensitive Data Exposure via REST API (disabled by default)
https://notcve.org/view.php?id=CVE-2026-23983
24 Feb 2026 — A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. • https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2026-24314 – Information Disclosure vulnerability in S/4HANA (Manage Payment Media)
https://notcve.org/view.php?id=CVE-2026-24314
24 Feb 2026 — Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted. Bajo ciertas condiciones, SAP S/4HANA (Gestionar Medios de Pago) permite a un atacante autenticado acceder a información que de otro modo estaría restringida. Esto podría causar un impacto bajo en la confidencialidad de la aplicación, mientras... • https://me.sap.com/notes/3646297 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-25982 – ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage)
https://notcve.org/view.php?id=CVE-2026-25982
24 Feb 2026 — This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2026-25898 – Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
https://notcve.org/view.php?id=CVE-2026-25898
24 Feb 2026 — An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-24481 – ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression
https://notcve.org/view.php?id=CVE-2026-24481
24 Feb 2026 — Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2026-2976 – FastApiAdmin Download Endpoint controller.py download_controller information disclosure
https://notcve.org/view.php?id=CVE-2026-2976
23 Feb 2026 — This manipulation of the argument file_path causes information disclosure. • https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 1CVE-2026-2975 – FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
https://notcve.org/view.php?id=CVE-2026-2975
23 Feb 2026 — The manipulation results in information disclosure. • https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 1CVE-2026-2894 – funadmin forget.html getMember information disclosure
https://notcve.org/view.php?id=CVE-2026-2894
21 Feb 2026 — Such manipulation leads to information disclosure. • https://github.com/I4m6da/CVE/issues/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 0CVE-2026-2861 – Foswiki Changes/Viewfile/Oops information disclosure
https://notcve.org/view.php?id=CVE-2026-2861
21 Feb 2026 — The manipulation results in information disclosure. • https://foswiki.org/Tasks/Item15600 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-27161 – Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories
https://notcve.org/view.php?id=CVE-2026-27161
20 Feb 2026 — GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignored, allowing unauthenticated attackers to list and download sensitive files including authorization.xml, which contains cryptographic salts and API keys. This issue does not have a fix at the time of publication. • https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-f63g-xh6j-q56g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •