Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Stored cross-site scripting in Adobe Commerce, Adobe Commerce B2B, and Magento Open Source lets a low-privileged authenticated attacker persist malicious JavaScript into vulnerable form fields, which then executes in a victim's browser and can escalate to account or session takeover. Because scope is changed (S:C), the injected script runs in a security context beyond the attacker's own privileges - the hallmark of admin-panel or storefront XSS crossing a trust boundary. No public exploit identified at time of analysis, but the 8.7 CVSS and account-takeover impact make this a meaningful priority for e-commerce operators running the affected platforms.
Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local information disclosure in Windows Universal Plug and Play (upnp.dll) exposes sensitive memory contents to authorized low-privilege users across a wide range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from use of an uninitialized resource (CWE-908), meaning the UPnP service reads from memory that has not been properly initialized before use, potentially leaking stale heap or stack contents. No active exploitation has been confirmed and no public exploit code has been identified at time of analysis; a vendor patch is available via the Microsoft Security Response Center.
Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.
Integer underflow in the Windows Kernel enables a locally authenticated attacker to disclose sensitive kernel memory contents across a broad range of Windows 10, Windows 11, and Windows Server platforms. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that any low-privilege local user can trigger the flaw without special configuration or user interaction, yielding high confidentiality impact with no integrity or availability consequences. Microsoft has released a patch via the July 2026 Security Update Guide; no public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.
Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.
Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.
Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally.
Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.
Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Missing authorization on the `/api/v1/users/` backend user endpoint in xianyu-auto-reply allows remote unauthenticated attackers to access or manipulate user account data without any credentials. The flaw (CWE-862) affects all commits up to dcb445ad97816ad65299a7580ee0c8c8f929da84 in this FastAPI-based Python backend for automating Xianyu marketplace replies. A public exploit exists (CVSS 4.0 E:P), though no active exploitation is confirmed in CISA KEV; the vendor-issued patch commit is the recommended remediation given the project's rolling release model.
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Untrusted pointer dereference (CWE-822) in Microsoft Excel allows a local attacker to disclose sensitive memory contents when a victim opens a specially crafted workbook. The flaw affects a broad swath of Microsoft Office product lines - from Excel 2016 through Office LTSC 2024 and their Mac counterparts - as confirmed by CPE enumeration. No public exploit code or active exploitation has been identified at time of analysis; SSVC rates exploitation as none and technical impact as partial, placing this in the moderate real-world priority tier despite the C:H CVSS rating.
Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.
Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability
Windows File Explorer on a wide range of Microsoft Windows client and server versions exposes sensitive information to locally authenticated standard users, achieving high confidentiality impact without requiring elevated privileges. The flaw (CWE-200) is confined to the local attack surface - CVSS AV:L/PR:L - meaning the attacker must already hold an interactive session on the target system. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor patch is available through Microsoft Security Response Center.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.