Skip to main content
CVE-2026-15738 MEDIUM PATCH This Month

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this issue, users should upgrade to version 3.4.2.

Information Disclosure Aws Load Balancer Controller
NVD GitHub
CVSS 4.0
5.8
EPSS
0.4%
CVE-2026-62655 MEDIUM PATCH This Month

Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7.

Buffer Overflow Stack Overflow Netgear Rbr860 Rbre950 +6
NVD
CVSS 4.0
5.7
EPSS
0.2%
CVE-2026-57084 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-57083 MEDIUM PATCH This Month

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-55027 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-55047 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-56184 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50389 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-55046 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-48580 MEDIUM PATCH Exploit Unlikely This Month

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 Microsoft Office 2019 +6
NVD VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50475 MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-56195 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office exposes sensitive memory contents to a local, unauthenticated attacker who can induce a user to open a malicious document. Affected products span the full current Office portfolio - Office 2016 through LTSC 2024 on both Windows and macOS - making the blast radius broad despite the local attack vector. No public exploit identified at time of analysis and SSVC classifies exploitation as none and not automatable, though the high confidentiality impact (C:H) and near-universal deployment of Office keep this a meaningful patching priority.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-56192 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55042 MEDIUM PATCH This Month

Uninitialized memory disclosure in Microsoft Office exposes sensitive data locally when a user interacts with a crafted document. The vulnerability, rooted in CWE-908 (Use of Uninitialized Resource), affects the full breadth of current Office deployments across Windows and macOS, including Office 2016 through LTSC 2024 and Microsoft 365 Apps for Enterprise. No public exploit code has been identified at time of analysis, and SSVC signals confirm no observed exploitation; however, the High confidentiality impact warrants prompt patching given Office's ubiquitous deployment footprint.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 Microsoft Office 2019 +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55057 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55028 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-47994 MEDIUM This Month

Stored cross-site scripting in Adobe Commerce, Adobe Commerce B2B, and Magento Open Source lets a low-privileged authenticated attacker persist malicious JavaScript into vulnerable form fields, which then executes in a victim's browser and can escalate to account or session takeover. Because scope is changed (S:C), the injected script runs in a security context beyond the attacker's own privileges - the hallmark of admin-panel or storefront XSS crossing a trust boundary. No public exploit identified at time of analysis, but the 8.7 CVSS and account-takeover impact make this a meaningful priority for e-commerce operators running the affected platforms.

XSS Adobe Adobe Commerce Adobe Commerce B2B Magento Open Source +1
NVD VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2026-50334 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50350 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50316 MEDIUM PATCH Exploit Unlikely This Month

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-41087 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-33842 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +14
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-34349 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-55121 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50408 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50455 MEDIUM PATCH This Month

Local information disclosure in Windows Universal Plug and Play (upnp.dll) exposes sensitive memory contents to authorized low-privilege users across a wide range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from use of an uninitialized resource (CWE-908), meaning the UPnP service reads from memory that has not been properly initialized before use, potentially leaking stale heap or stack contents. No active exploitation has been confirmed and no public exploit code has been identified at time of analysis; a vendor patch is available via the Microsoft Security Response Center.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +14
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50341 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50300 MEDIUM PATCH Exploit Unlikely This Month

Integer underflow in the Windows Kernel enables a locally authenticated attacker to disclose sensitive kernel memory contents across a broad range of Windows 10, Windows 11, and Windows Server platforms. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that any low-privilege local user can trigger the flaw without special configuration or user interaction, yielding high confidentiality impact with no integrity or availability consequences. Microsoft has released a patch via the July 2026 Security Update Guide; no public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-49801 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-40422 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-54997 MEDIUM PATCH This Month

Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-49177 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50381 MEDIUM PATCH Exploit Unlikely This Month

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

Memory Corruption Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-58614 MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-58545 MEDIUM PATCH This Month

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-47979 MEDIUM This Month

Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-58638 MEDIUM PATCH Exploit Likely This Month

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +14
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-50295 MEDIUM PATCH Exploit Unlikely This Month

Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally.

Microsoft Privilege Escalation Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-50303 MEDIUM PATCH Exploit Unlikely This Month

Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-34346 MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-48353 MEDIUM This Month

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure C2Pa C2Pa Web C2Patool
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-15752 MEDIUM This Month

Missing authorization on the `/api/v1/users/` backend user endpoint in xianyu-auto-reply allows remote unauthenticated attackers to access or manipulate user account data without any credentials. The flaw (CWE-862) affects all commits up to dcb445ad97816ad65299a7580ee0c8c8f929da84 in this FastAPI-based Python backend for automating Xianyu marketplace replies. A public exploit exists (CVSS 4.0 E:P), though no active exploitation is confirmed in CISA KEV; the vendor-issued patch commit is the recommended remediation given the project's rolling release model.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-47969 MEDIUM This Month

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Audition
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-56178 MEDIUM PATCH Exploit Unlikely This Month

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-55138 MEDIUM PATCH Exploit Unlikely This Month

Untrusted pointer dereference (CWE-822) in Microsoft Excel allows a local attacker to disclose sensitive memory contents when a victim opens a specially crafted workbook. The flaw affects a broad swath of Microsoft Office product lines - from Excel 2016 through Office LTSC 2024 and their Mac counterparts - as confirmed by CPE enumeration. No public exploit code or active exploitation has been identified at time of analysis; SSVC rates exploitation as none and technical impact as partial, placing this in the moderate real-world priority tier despite the C:H CVSS rating.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 Microsoft Office 2019 +6
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50690 MEDIUM PATCH This Month

Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50681 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50483 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50394 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +13
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50431 MEDIUM PATCH This Month

Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
Prev Page 17 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy