Skip to main content

Information Disclosure

other MEDIUM

Information disclosure occurs when an application unintentionally exposes sensitive data that aids attackers in reconnaissance or directly compromises security.

How It Works

Information disclosure occurs when an application unintentionally exposes sensitive data that aids attackers in reconnaissance or directly compromises security. This happens through multiple channels: verbose error messages that display stack traces revealing internal paths and frameworks, improperly secured debug endpoints left active in production, and misconfigured servers that expose directory listings or version control artifacts like .git folders. APIs often leak excessive data in responses—returning full user objects when only a name is needed, or revealing system internals through metadata fields.

Attackers exploit these exposures systematically. They probe for common sensitive files (.env, config.php, backup archives), trigger error conditions to extract framework details, and analyze response timing or content differences to enumerate valid usernames or resources. Even subtle variations—like "invalid password" versus "user not found"—enable account enumeration. Exposed configuration files frequently contain database credentials, API keys, or internal service URLs that unlock further attack vectors.

The attack flow typically starts with passive reconnaissance: examining HTTP headers, JavaScript bundles, and public endpoints for version information and architecture clues. Active probing follows—testing predictable paths, manipulating parameters to trigger exceptions, and comparing responses across similar requests to identify information leakage patterns.

Impact

  • Credential compromise: Exposed configuration files, hardcoded secrets in source code, or API keys enable direct authentication bypass
  • Attack surface mapping: Stack traces, framework versions, and internal paths help attackers craft targeted exploits for known vulnerabilities
  • Data breach: Direct exposure of user data, payment information, or proprietary business logic through oversharing APIs or accessible backups
  • Privilege escalation pathway: Internal URLs, service discovery information, and architecture details facilitate lateral movement and SSRF attacks
  • Compliance violations: GDPR, PCI-DSS, and HIPAA penalties for exposing regulated data through preventable disclosures

Real-World Examples

A major Git repository exposure affected thousands of websites when .git folders remained accessible on production servers, allowing attackers to reconstruct entire source code histories including deleted commits containing credentials. Tools like GitDumper automated mass exploitation of this misconfiguration.

Cloud storage misconfigurations have repeatedly exposed sensitive data when companies left S3 buckets or Azure Blob containers publicly readable. One incident exposed 150 million voter records because verbose API error messages revealed the storage URL structure, and no authentication was required.

Framework debug modes left enabled in production have caused numerous breaches. Django's DEBUG=True setting exposed complete stack traces with database queries and environment variables, while Laravel's debug pages revealed encryption keys through the APP_KEY variable in environment dumps.

Mitigation

  • Generic error pages: Return uniform error messages to users; log detailed exceptions server-side only
  • Disable debug modes: Enforce production configurations that suppress stack traces, verbose logging, and debug endpoints through deployment automation
  • Access control audits: Restrict or remove development artifacts (.git, backup files, phpinfo()) and internal endpoints before deployment
  • Response minimization: API responses should return only necessary fields; implement allowlists rather than blocklists for data exposure
  • Security headers: Deploy X-Content-Type-Options, remove server version banners, and disable directory indexing
  • Timing consistency: Ensure authentication and validation responses take uniform time regardless of input validity

Recent CVEs (66582)

EPSS 0% CVSS 5.5
MEDIUM This Month

Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.

Buffer Overflow Information Disclosure Red Hat Enterprise Linux 10 +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Nvidia Authentication Bypass RCE +2
NVD
EPSS 1% CVSS 3.7
LOW Monitor

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Adobe Information Disclosure Adobe Commerce +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

Information Disclosure Net 10 0 Net 8 0 +4
NVD
CVSS 3.7
LOW PATCH Monitor

The `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target['__proto__']` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. **Scope of real-world risk is limited.** No first-party Feathers package routes input - trusted or untrusted - through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`. Fixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration - the standard remediation used by lodash and others. Avoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates. Reported responsibly by Andrew Ridings (@ridingsa).

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 6.5
MEDIUM PATCH This Month

Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.0 bearer access tokens provided through a URL query parameter, in addition to the standard Authorization header, which may increase the risk of access token exposure and replay against protected API endpoints. Upgrade auth0/symfony to version 5.9.0 or greater. Okta would like to thank Alex Yeara for their discovery.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local tampering via symbolic-link following in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the bundled toolchain in Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) allows an authorized local attacker to redirect a privileged file operation to an unintended target, corrupting or replacing files outside their normal permissions. Microsoft (the reporter) has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The high CVSS 3.1 base score of 7.0 is tempered by high attack complexity and the requirement for existing low-level local access.

Information Disclosure Net 10 0 Net 8 0 +4
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker gain higher privileges by abusing a flawed authentication algorithm implementation (CWE-303). Microsoft reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV. The 8.8 CVSS reflects high confidentiality, integrity, and availability impact reachable over the network with only low prior privileges.

Information Disclosure Net 10 0 Net 8 0 +4
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Devolutions Server 2026.1.22.0 and 2026.2.11.0 exposes Azure Key Vault client secrets in cleartext within Recovery Kit response files, defeating an explicit 'exclude sensitive data' option that administrators rely on. Any party who obtains a copy of the generated response file can trivially read the credential without any decryption or tooling. No public exploit code exists and the vulnerability is not in CISA KEV; however, because successful exploitation yields a reusable cloud credential, the downstream blast radius in Azure environments substantially exceeds what the 3.3 CVSS base score suggests. A vendor-released patch is available.

Hashicorp Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Audition
NVD
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

Memory leak regression in Wasmtime 37.0.0 and 37.0.1 causes permanent host-process memory exhaustion when C/C++ embeddings use `externref` or `anyref` WebAssembly reference types. The refactoring from `ManuallyRooted<T>` to `OwnedRooted<T>` introduced three distinct defects - a no-op typo in `wasmtime_val_unroot`, unreleased return values from host-defined callbacks, and missing C++ destructors - that collectively prevent GC roots from ever being freed, even after the WebAssembly store is destroyed. No public exploit confirmed in CISA KEV; a proof-of-concept is publicly available, but EPSS at 0.18% (7th percentile) and SSVC exploitation status of none indicate minimal active threat.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Information Disclosure Qnx Software Development Platform Qnx Os For Safety +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.

Buffer Overflow Stack Overflow Information Disclosure +3
NVD
EPSS 1% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Active Directory Federation Services (AD FS) lets an authenticated, network-based attacker read memory outside intended bounds and leak sensitive data, per Microsoft's own report of the flaw (tracked in MSRC as CVE-2026-58529). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N, C:H) indicates low-privilege remote exploitation with high confidentiality impact; there is no public exploit identified at time of analysis and it is not on CISA KEV. A vendor patch is available. Note a data discrepancy: the flaw is described as AD FS (a server role) yet the only CPE lists the Windows 11 version 26H1 client - verify affected platforms with Microsoft.

Buffer Overflow Information Disclosure Windows 11 Version 26H1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Wireless Networking component affects a broad span of currently supported Windows releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025), letting an already-authenticated local user win a timing race to gain SYSTEM-level control. The flaw is a CWE-362 race condition where improperly synchronized access to a shared resource can be manipulated during a narrow execution window; CVSS 7.8 reflects a high-complexity but high-impact local escalation with a scope change. Microsoft (the reporter) has shipped a patch, and there is no public exploit identified at time of analysis.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated attacker to gain SYSTEM-level privileges by triggering a type-confusion (CWE-843) condition. The flaw affects a broad range of supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Reported internally by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Microsoft Memory Corruption Information Disclosure +14
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH Exploit Unlikely This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Likely This Week

Elevation of privilege in the Windows SMB implementation allows an authenticated network attacker to win a race condition and gain higher privileges on affected systems, spanning Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw is a concurrency defect (CWE-362) reported by Microsoft with a vendor patch already released; there is no public exploit identified at time of analysis. Note a data conflict: the description and CVSS impacts describe privilege elevation with full confidentiality/integrity/availability impact, while the intelligence tags also label it 'Information Disclosure' — the CVSS vector should be treated as authoritative.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, where a race condition in shared-resource handling lets an already-authenticated local user win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and the CVSS base score is 7.8 (High). Note that Microsoft's tags label this as Information Disclosure while the description and CVSS impact metrics describe full privilege elevation - this discrepancy should be verified against the vendor advisory.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Information disclosure via uninitialized resource use in Windows Remote Desktop Protocol (RDP) exposes sensitive memory contents to authenticated remote attackers across a wide range of Microsoft Windows desktop and server editions. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms this is exploitable over the network by any low-privileged authenticated user with no complexity or interaction requirements, yielding high confidentiality impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low barrier to exploitation and the ubiquitous deployment of Windows RDP make this a meaningful patching priority.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH Exploit Unlikely This Month

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.

Microsoft Information Disclosure Windows Subsystem For Linux Wsl2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Elevation of privilege in the Windows Network File System (NFS) component affects a broad range of Microsoft platforms - Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025 - where an authorized attacker can win a time-of-check/time-of-use (TOCTOU) race condition over the network to gain higher privileges. The CVSS 3.1 vector (AV:N/AC:H/PR:L) indicates a network-reachable but high-complexity flaw requiring low-level existing privileges, with full high impact to confidentiality, integrity and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a Microsoft (MSRC) patch is available.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office exposes sensitive memory contents to a local, unauthenticated attacker who can induce a user to open a malicious document. Affected products span the full current Office portfolio - Office 2016 through LTSC 2024 on both Windows and macOS - making the blast radius broad despite the local attack vector. No public exploit identified at time of analysis and SSVC classifies exploitation as none and not automatable, though the high confidentiality impact (C:H) and near-universal deployment of Office keep this a meaningful patching priority.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from an out-of-bounds read (CWE-125) that lets an attacker who convinces a victim to open a crafted file read memory beyond an intended buffer boundary. Exploitation is local and requires user interaction, and there is no public exploit identified at time of analysis and no CISA KEV listing. Disclosed memory can leak sensitive data such as heap contents or pointer addresses useful for defeating ASLR in a follow-on exploit chain.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Information disclosure in Microsoft Windows Schannel (the Secure Channel TLS/SSL provider) lets an authenticated, network-adjacent attacker read memory beyond an allocated buffer and leak sensitive data across a network connection. The flaw spans nearly the entire supported Windows family - Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a fix available; there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Win32k GRFX subsystem across Windows 10, Windows 11, and Windows Server 2012 through 2025 lets an authenticated low-privileged local attacker elevate to SYSTEM by triggering an out-of-bounds read (CWE-125). The flaw was reported internally by Microsoft, a vendor patch is available via MSRC, and there is no public exploit identified at time of analysis. CVSS is 7.8 (High), reflecting a local vector with low complexity and low privileges required.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Type confusion (CWE-843) in Microsoft SQL Server 2025 enables authenticated, low-privileged network attackers to disclose sensitive server-side information. The CVSS vector (AV:N/PR:L/C:H) confirms that any authorized database user - regardless of their data access permissions - can potentially trigger the flaw remotely with no user interaction required. No public exploit code or CISA KEV listing exists at time of analysis, but the high confidentiality impact and low access complexity make patching a meaningful priority for organizations running SQL Server 2025.

Memory Corruption Information Disclosure Microsoft Sql Server 2025 Cu 6 +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized memory disclosure in Microsoft Office exposes sensitive data locally when a user interacts with a crafted document. The vulnerability, rooted in CWE-908 (Use of Uninitialized Resource), affects the full breadth of current Office deployments across Windows and macOS, including Office 2016 through LTSC 2024 and Microsoft 365 Apps for Enterprise. No public exploit code has been identified at time of analysis, and SSVC signals confirm no observed exploitation; however, the High confidentiality impact warrants prompt patching given Office's ubiquitous deployment footprint.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow +8
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Untrusted pointer dereference (CWE-822) in Microsoft Excel allows a local attacker to disclose sensitive memory contents when a victim opens a specially crafted workbook. The flaw affects a broad swath of Microsoft Office product lines - from Excel 2016 through Office LTSC 2024 and their Mac counterparts - as confirmed by CPE enumeration. No public exploit code or active exploitation has been identified at time of analysis; SSVC rates exploitation as none and technical impact as partial, placing this in the moderate real-world priority tier despite the C:H CVSS rating.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps, and the macOS builds) stems from an out-of-bounds read in a file-parsing routine that lets a crafted document corrupt memory and run attacker-controlled code in the context of the current user. The same document-parsing components also affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Buffer Overflow Microsoft Information Disclosure +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

Information Disclosure Microsoft Integer Overflow +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft 365 Apps For Enterprise +8
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Runtime (WinRT) across Windows 10, Windows 11, and Windows Server 2019 through 2025 allows an already-authenticated attacker to win a race condition and gain SYSTEM-level privileges. The flaw stems from concurrent access to a shared resource without proper synchronization, and full C:H/I:H/A:H impact indicates complete host compromise once triggered. Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Remote code execution in the Microsoft Windows DHCP Server role (Windows Server 2012 through 2025, plus Windows 10 1607/1809) arises from a double-free (CWE-415) condition that an authorized, network-adjacent attacker can trigger to run arbitrary code in the DHCP service context. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N) indicates a network-reachable but high-complexity attack requiring low-level privileges, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and no CISA KEV listing, so exploitation appears theoretical rather than active for now.

Microsoft Information Disclosure Windows 10 Version 1607 +11
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain SYSTEM-level privileges. Rated CVSS 7.8 (High), the flaw stems from improper synchronization of a shared resource; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has released a patch via the MSRC update guide.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Telephony Service (TAPI) affects a broad range of Microsoft Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. A local, low-privileged attacker who wins a race condition (CWE-362) in the service's handling of a shared resource can corrupt state and elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS was not provided.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH Exploit Likely This Week

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTEM by winning a race condition (CWE-362) in the way NTFS handles a shared resource without proper synchronization. All currently supported Windows client and server builds are affected, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, but Microsoft has released a patch and rates the impact as full loss of confidentiality, integrity, and availability once exploited.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Defender for Endpoint for macOS lets an authenticated local attacker exploit a time-of-check-to-time-of-use race to gain elevated privileges. The flaw (CWE-367) requires winning a timing window between when Defender validates a resource and when it acts on it, yielding high confidentiality, integrity, and availability impact. Microsoft has published a fix, and there is no public exploit identified at time of analysis.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Microsoft Defender For Endpoint For Mac
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Off-by-one memory boundary error in the Windows Remote Desktop Protocol exposes sensitive memory contents over the network to unauthenticated remote attackers on all major Windows client and server releases. The CWE-193 root cause allows the RDP parser to read one element beyond an allocated buffer boundary, yielding a high-confidentiality-impact information disclosure (C:H) with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog; however, the breadth of affected Windows versions - spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025 - gives this a wide potential attack surface warranting prompt patching.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects current Microsoft platforms including Windows 11 24H2, 25H2, 26H1, and Windows Server 2025, where a race condition (CWE-362) in the handling of a shared resource lets an already-authenticated local user win a timing window to gain higher privileges. Microsoft has released a patch, and there is no public exploit identified at time of analysis. With a CVSS 7.0 (AV:L/AC:H/PR:L) the flaw requires local access and precise timing, making it a plausible second-stage escalation rather than an initial entry point.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Code Integrity module (ci.dll) lets an already-authenticated low-privileged attacker read out-of-bounds memory (CWE-125) and leverage the resulting condition to gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems back to Server 2012. The CVSS 3.1 score is 7.0 (High) with a local vector and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft self-reported the issue and has released a patch through the MSRC update guide.

Buffer Overflow Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System driver (UDFS) allows a local attacker to gain higher privileges after a user mounts or opens a maliciously crafted UDF-formatted volume such as an ISO or disc image. The flaw is an out-of-bounds read (CWE-125) in the kernel-mode UDFS parser, and successful exploitation yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure +18
NVD
HIGH PATCH This Week

Unauthenticated arbitrary file write in OpenCost (all versions up to and including releases before 1.119.1) lets remote clients POST to the /serviceKey endpoint and overwrite the GCP service account key file (key.json) with attacker-controlled content, with no authentication and no input validation. An attacker can either corrupt the credential file to break GCP cost collection or inject their own valid service-account key to redirect the target's billing/cost data to an attacker-owned GCP project. Publicly available exploit code exists (a full reproducible PoC is in the GHSA advisory); no public evidence of active exploitation and no CISA KEV listing.

Privilege Escalation Authentication Bypass Kubernetes +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Event Logging Service allows an authenticated attacker with low privileges to execute code over a network after enticing a user into an interaction (UI:R), due to insufficient granularity of access control (CWE-1220). The flaw affects a broad range of Windows client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows USB Hub Driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering an untrusted pointer dereference (CWE-822), affecting Windows 10 (1809/21H2/22H2) and Windows Server 2019 through 2025. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 +7
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Wireless Wide Area Network (WWAN) Service allows a low-privileged authenticated user to win a race condition and gain SYSTEM-level privileges across Windows 10, Windows 11, and Windows Server 2019 through 2025. The flaw stems from improper synchronization of a shared resource (CWE-362), and the scope-changed CVSS impact (S:C) reflects that successful exploitation crosses from the attacker's low-privilege context into a higher-privileged service. No public exploit identified at time of analysis, and it is not listed in CISA KEV, though Microsoft credits itself as the reporter, indicating internal discovery.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 1% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Remote information disclosure in the Microsoft Windows Kernel (CWE-125 out-of-bounds read) lets an unauthenticated attacker read kernel memory over a network, per the CVSS AV:N/PR:N vector, affecting a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. The flaw carries high confidentiality impact (C:H) with a minor availability side effect and no integrity impact, scoring CVSS 8.2. No public exploit is identified at time of analysis and it is not in CISA KEV, but the network-reachable, no-authentication, no-interaction profile makes it a notable patch priority.

Buffer Overflow Microsoft Information Disclosure +14
NVD
Prev Page 2 of 740 Next

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
66582

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy