CVSS: 9.0EPSS: %CPEs: 2EXPL: 0CVE-2026-23492 – Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848
https://notcve.org/view.php?id=CVE-2026-23492
14 Jan 2026 — This vulnerability affects the admin interface and can lead to database information disclosure. • https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 1CVE-2026-22211 – TinyOS <= 2.1.2 Global Buffer Overflow in printfUART
https://notcve.org/view.php?id=CVE-2026-22211
14 Jan 2026 — This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output. • https://github.com/tinyos/tinyos-main • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66005 – Lack of Authentication in the InputManager D-Bus interface
https://notcve.org/view.php?id=CVE-2025-66005
14 Jan 2026 — Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66005 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-20958 – Microsoft SharePoint Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20958
13 Jan 2026 — Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20958 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20939 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20939
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20939 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20937 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20937
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2026-20936 – Windows NDIS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20936
13 Jan 2026 — Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20936 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2026-20935 – Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20935
13 Jan 2026 — Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20935 • CWE-822: Untrusted Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2026-20862 – Windows Management Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20862
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2026-20932 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-20932
13 Jan 2026 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •