CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-21659 – Johnson Controls - Frick Quantum HD - Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion
https://notcve.org/view.php?id=CVE-2026-21659
27 Feb 2026 — Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allows an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. • https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal •
CVSS: 5.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-15567
https://notcve.org/view.php?id=CVE-2025-15567
27 Feb 2026 — Insufficient protection mechanisms in the Health Module may lead to partial information disclosure. • https://www.vivo.com/en/support/security-advisory-detail?id=19 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-28216 – hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment
https://notcve.org/view.php?id=CVE-2026-28216
26 Feb 2026 — The environment ID format is CUID, which limits mass exploitation but insider threat and combined info leak scenarios are realistic. • https://github.com/hoppscotch/hoppscotch/releases/tag/2026.2.0 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-28295 – Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses
https://notcve.org/view.php?id=CVE-2026-28295
26 Feb 2026 — A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network. • https://access.redhat.com/security/cve/CVE-2026-28295 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2026-26207 – Discourse's discourse-policy plugin lacks post access check
https://notcve.org/view.php?id=CVE-2026-26207
26 Feb 2026 — The `PolicyController` loads posts by ID without verifying the current user's access, enabling policy group members to accept/unaccept policies on posts in private categories or PMs they cannot see and any authenticated user to enumerate which post IDs have policies attached via differentiated error responses (information disclosure). • https://github.com/discourse/discourse/security/advisories/GHSA-jr4h-w6p5-w55r • CWE-862: Missing Authorization •
CVSS: 8.4 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-2244 – Sensitive Data Exposure in Google Cloud Vertex AI Workbench
https://notcve.org/view.php?id=CVE-2026-2244
26 Feb 2026 — A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No user action is required for this. • https://docs.cloud.google.com/vertex-ai/docs/workbench/release-notes#February_20_2026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-28131 – WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2026-28131
26 Feb 2026 — Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data. This issue affects Elementor Addon Elements: from n/a through <= 1.14.4. • https://patchstack.com/database/Wordpress/Plugin/addon-elements-for-elementor-page-builder/vulnerability/wordpress-elementor-addon-elements-plugin-1-14-4-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1 • CVE-2026-25941 – FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2026-25941
25 Feb 2026 — This can lead to information disclosure or client crashes when a user connects to a malicious server. • https://github.com/FreeRDP/FreeRDP/commit/2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2 • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read •
CVSS: 7.5 • EPSS: 0% • CPEs: 128 • EXPL: 0 • CVE-2026-20128 – Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20128
25 Feb 2026 — A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading th... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 6.5 • EPSS: 0% • CPEs: 289 • EXPL: 0 • CVE-2026-20133 – Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20133
25 Feb 2026 — A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
