Skip to main content

Information Disclosure

other MEDIUM

Information disclosure occurs when an application unintentionally exposes sensitive data that aids attackers in reconnaissance or directly compromises security.

How It Works

Information disclosure occurs when an application unintentionally exposes sensitive data that aids attackers in reconnaissance or directly compromises security. This happens through multiple channels: verbose error messages that display stack traces revealing internal paths and frameworks, improperly secured debug endpoints left active in production, and misconfigured servers that expose directory listings or version control artifacts like .git folders. APIs often leak excessive data in responses—returning full user objects when only a name is needed, or revealing system internals through metadata fields.

Attackers exploit these exposures systematically. They probe for common sensitive files (.env, config.php, backup archives), trigger error conditions to extract framework details, and analyze response timing or content differences to enumerate valid usernames or resources. Even subtle variations—like "invalid password" versus "user not found"—enable account enumeration. Exposed configuration files frequently contain database credentials, API keys, or internal service URLs that unlock further attack vectors.

The attack flow typically starts with passive reconnaissance: examining HTTP headers, JavaScript bundles, and public endpoints for version information and architecture clues. Active probing follows—testing predictable paths, manipulating parameters to trigger exceptions, and comparing responses across similar requests to identify information leakage patterns.

Impact

  • Credential compromise: Exposed configuration files, hardcoded secrets in source code, or API keys enable direct authentication bypass
  • Attack surface mapping: Stack traces, framework versions, and internal paths help attackers craft targeted exploits for known vulnerabilities
  • Data breach: Direct exposure of user data, payment information, or proprietary business logic through oversharing APIs or accessible backups
  • Privilege escalation pathway: Internal URLs, service discovery information, and architecture details facilitate lateral movement and SSRF attacks
  • Compliance violations: GDPR, PCI-DSS, and HIPAA penalties for exposing regulated data through preventable disclosures

Real-World Examples

A major Git repository exposure affected thousands of websites when .git folders remained accessible on production servers, allowing attackers to reconstruct entire source code histories including deleted commits containing credentials. Tools like GitDumper automated mass exploitation of this misconfiguration.

Cloud storage misconfigurations have repeatedly exposed sensitive data when companies left S3 buckets or Azure Blob containers publicly readable. One incident exposed 150 million voter records because verbose API error messages revealed the storage URL structure, and no authentication was required.

Framework debug modes left enabled in production have caused numerous breaches. Django's DEBUG=True setting exposed complete stack traces with database queries and environment variables, while Laravel's debug pages revealed encryption keys through the APP_KEY variable in environment dumps.

Mitigation

  • Generic error pages: Return uniform error messages to users; log detailed exceptions server-side only
  • Disable debug modes: Enforce production configurations that suppress stack traces, verbose logging, and debug endpoints through deployment automation
  • Access control audits: Restrict or remove development artifacts (.git, backup files, phpinfo()) and internal endpoints before deployment
  • Response minimization: API responses should return only necessary fields; implement allowlists rather than blocklists for data exposure
  • Security headers: Deploy X-Content-Type-Options, remove server version banners, and disable directory indexing
  • Timing consistency: Ensure authentication and validation responses take uniform time regardless of input validity

Recent CVEs (66624)

EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Notification component lets an already-authenticated low-privileged user elevate to higher privileges (SYSTEM) across a broad range of Windows 10, Windows 11, and Windows Server releases. The flaw stems from an incorrect type conversion/cast (CWE-704) and carries a CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) with high confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Microsoft Windows SMB Server allows an already-authenticated network attacker to elevate to higher privileges by abusing a flawed authentication algorithm, yielding high confidentiality, integrity, and availability impact. The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Server Backup (WBADMIN component shipped with Windows 10 21H2/22H2 and Windows 11 24H2/25H2/26H1) lets an authorized, low-privileged user abuse a symbolic-link/junction race so that a backup operation acts on an attacker-chosen path, yielding SYSTEM-level access. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation requires local access plus user interaction, which lowers the realistic threat relative to the 7.3 base score.

Microsoft Information Disclosure Windows 10 Version 21H2 +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Integer underflow in the Windows Kernel enables a locally authenticated attacker to disclose sensitive kernel memory contents across a broad range of Windows 10, Windows 11, and Windows Server platforms. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms that any low-privilege local user can trigger the flaw without special configuration or user interaction, yielding high confidentiality impact with no integrity or availability consequences. Microsoft has released a patch via the July 2026 Security Update Guide; no public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

Memory Corruption Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clip Service (clipboard/cloud clipboard component, cbdhsvc) affects a broad range of Windows 10, Windows 11, and Windows Server 2019-2025 builds, where a race condition in concurrent access to a shared resource lets an already-authenticated local attacker win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a source conflict: the description and CWE describe privilege elevation with high confidentiality/integrity/availability impact, while the intelligence tags label it 'Information Disclosure' - treat the primary impact as local EoP per the CVSS vector.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows App Store (AppX/package deployment component) allows an authorized, low-privileged user to win a race condition and gain higher privileges on affected Windows client and server builds spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Exploitation requires local access and already-held low privileges, and the high attack complexity reflects the timing precision needed to win the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (CWE-362) in the synchronization of a shared kernel resource lets an authenticated low-privileged local user win a timing window to gain higher privileges. The CVSS 3.1 score is 7.8 with a scope-changed vector, the flaw was reported by Microsoft, and a patch is available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows AppX Deployment Service (AppXSvc) lets an already-authenticated, low-privileged user win a race condition to elevate to higher privileges across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). The flaw stems from improper synchronization of a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact on the host. It is reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a race condition (improper synchronization of a shared resource) lets an already-authenticated local user win a timing window to execute code at elevated privilege. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not on CISA KEV. The high CVSS attack complexity (AC:H) reflects that the attacker must reliably win a narrow race, which tempers real-world exploitability.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authenticated local user to win a timing race and elevate to SYSTEM-level privileges. The flaw is a race condition (CWE-362) reported by Microsoft; a vendor patch is available, and there is no public exploit identified at time of analysis. Exploitation is constrained by high attack complexity (winning the race window) but yields full confidentiality, integrity, and availability impact once achieved.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver allows an authorized (low-privileged) attacker to run arbitrary code with elevated context via a numeric truncation flaw. The bug affects the ReFS component shipped with Windows 10, Windows 11, and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the CVE's own tags label it 'Information Disclosure' while the description and CVSS impact (C:H/I:H/A:H) describe full code execution - the code-execution reading should be treated as authoritative.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an already-authenticated low-privileged user to abuse a link-following (symlink/junction) flaw to gain higher privileges on the host. The bug affects a broad range of client and server SKUs from Windows Server 2012 through Windows Server 2025 and Windows 10 1607 through Windows 11 26H1, and Microsoft has shipped a fix. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Windows Universal Disk Format File System driver (UDFS.sys) lets a low-privileged local user gain elevated (kernel/SYSTEM) rights after the victim mounts or opens a maliciously crafted UDF volume. The flaw stems from an integer arithmetic error (CWE-191) in the driver that parses UDF-formatted media such as ISO images, optical discs, and virtual disk files, and affects a broad range of Windows client and server releases from Windows Server 2012 and Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. Microsoft reported the issue and has shipped a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard Server (Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025) allows an already-authenticated low-privileged user to win a race condition and gain higher privileges on the host. Microsoft credits its own researchers and has shipped a fix; there is no public exploit identified at time of analysis and the CVSS base score is 7.0 (High). The high attack complexity reflects the timing precision needed to exploit the race, which meaningfully limits reliable weaponization.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Surface devices (Go, Hub, Laptop Go/Go 3, Pro/Pro 8, Laptop 4 AMD/Intel, Windows Dev Kit) allows an authenticated low-privileged user to gain higher privileges through insufficiently granular access control (CWE-1220) in the device firmware/platform layer. The flaw carries a CVSS 7.8 (High) with full confidentiality, integrity, and availability impact once exploited, but requires prior local access. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a fix via MSRC.

Microsoft Information Disclosure Microsoft Surface Go +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WPN) affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025 including Server Core, where a race condition (CWE-362) lets an authorized local user win a timing window on a shared resource to run code at a higher privilege level. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Note a signal conflict: the description and CVSS impact frame this as privilege elevation, while the vendor tags also list 'Information Disclosure' - the primary impact should be treated as EoP pending vendor clarification.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Windows Event Logging Service across a wide range of Windows 10, Windows 11, and Windows Server versions fails to enforce its intended protection mechanisms, permitting any authenticated low-privileged network user to read information that should be access-controlled. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms exploitation requires only a valid low-privilege account and network connectivity, with no user interaction and no elevated rights - making it a practical post-compromise lateral-movement or reconnaissance tool. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, but the ubiquitous deployment footprint across the Windows ecosystem elevates organizational exposure.

Microsoft Information Disclosure Windows 10 Version 1809 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Audio Service on multiple Windows desktop and server versions improperly exposes sensitive information to locally authenticated standard users, enabling information disclosure without requiring elevated privileges. Affecting Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 (with Server 2022 and 2025 referenced in tags), the flaw is exploitable post-foothold by any low-privileged local account, making it a realistic post-exploitation pivot rather than an initial access vector. No public exploit code has been identified at time of analysis, and a vendor-released patch is confirmed available via the Microsoft Security Response Center.

Microsoft Information Disclosure Windows 10 Version 1809 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft PC Manager allows an authenticated low-privileged user to gain elevated (typically SYSTEM/administrator) privileges by abusing improper link resolution before file access (CWE-59). Reported by Microsoft with a patch available via MSRC; no public exploit identified at time of analysis and not listed in CISA KEV. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact once the local, low-privilege prerequisites are met.

Information Disclosure Microsoft Pc Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Network code execution in the Windows Print Spooler service allows an authenticated attacker to win a synchronization race and run arbitrary code across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). Microsoft rates it CVSS 8.8 with high confidentiality, integrity, and availability impact; a vendor patch is available, and there is no public exploit identified at time of analysis. Note that the CVE description and CVSS indicate remote code execution while the source tags label it 'Information Disclosure' — a discrepancy defenders should verify against the MSRC advisory.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV PATCH THREAT Exploited Act Now

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-privileged user on the host gain higher privileges due to insufficient granularity of access control (CWE-1220). Affected deployments span AD FS on Windows Server 2012 through Windows Server 2025, and the flaw carries a CVSS 7.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-priority-driven rather than exploitation-driven risk.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Microsoft Sharepoint Enterprise Server 2016 +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local tampering in Windows CryptoAPI (Crypt32) on Windows 11 (24H2/25H2/26H1) and Windows Server 2022/2025 stems from a missing cryptographic step, letting an authenticated local attacker undermine the integrity and confidentiality of cryptographically protected data. Microsoft rates it 7.1 (High) with high confidentiality and integrity impact; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. A vendor patch is available through the MSRC update guide.

Microsoft Information Disclosure Windows 11 Version 24H2 +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to gain higher privileges on the host by controlling a file name or path used by the server engine. The CVSS 3.1 base score is 7.8 with high impact to confidentiality, integrity, and availability, and Microsoft has released a patch. There is no public exploit identified at time of analysis, and the CVE is not in CISA KEV.

Information Disclosure Microsoft Sql Server 2016 Service Pack 3 Gdr Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an authenticated attacker with low-level privileges on the server to elevate to higher privileges due to insufficiently granular access controls (CWE-1220). The CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L) reflects local exploitation yielding full confidentiality, integrity, and availability impact. A vendor patch is available; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Microsoft Exchange Server 2016 Cumulative Update 23 +3
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated, low-privileged user win a race condition (CWE-362) in the driver to gain higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis. The high attack complexity (AC:H) reflects the timing-dependent nature of exploiting the shared-resource synchronization defect.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Printer Drivers component across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025 lets an already-authenticated attacker corrupt kernel-adjacent memory to gain higher privileges. The flaw is a double free (CWE-415) triggered locally by a low-privileged user, yielding high confidentiality, integrity, and availability impact (CVSS 7.8). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated attacker to win a race condition (CWE-362) and elevate to SYSTEM-level privileges across supported Windows 10, Windows 11, and Windows Server 2019-2025 builds. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile). CVSS 7.0 reflects high attack complexity (AC:H) driven by the timing-window nature of the flaw and the requirement for existing low-privilege access (PR:L).

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.

Microsoft Information Disclosure Windows 10 Version 1607 +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated low-privileged user to win a race condition and elevate to SYSTEM across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available, it carries CVSS 7.0 but a high attack complexity (AC:H) reflecting the timing-sensitive nature of the flaw. There is no public exploit identified at time of analysis, and EPSS is low (0.19%, 9th percentile), consistent with CISA SSVC rating exploitation as 'none.'

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver lets an already-authenticated low-privileged user win a race condition to gain SYSTEM-level control on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The flaw stems from unsynchronized access to a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated low-privileged user win a timing race in the driver to gain elevated privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (must reliably win a race window) tempers real-world exploitability despite full confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an already-authenticated, low-privileged user to elevate to SYSTEM on a wide range of Windows client and server releases. Microsoft classifies the root cause as exposure of sensitive information (CWE-200), but the CVSS impact profile (C:H/I:H/A:H) reflects that the leaked kernel data enables full local privilege escalation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though CLFS has historically been a heavily exploited elevation-of-privilege target in Windows.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.

Information Disclosure Visual Studio Code
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 3% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +18
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +14
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Credential leakage in sigstore-js (specifically the @sigstore/oci package) before 0.7.1 allows Docker registry credentials to be transmitted to the wrong registry because getRegistryCredentials() matched configured auth keys against the target registry using a substring check instead of an exact host match. An attacker who can induce a victim to push or pull signatures/attestations against an attacker-named registry whose hostname has a substring relationship with a legitimately configured registry (e.g. 'cr.io' vs 'ghcr.io', or 'victim.127.0.0.1:5000' vs '127.0.0.1:5000') can capture the victim's stored registry credentials. There is no public exploit identified at time of analysis, and this is not listed in CISA KEV; the underlying weakness (CWE-522) is confirmed and fixed by the vendor in @sigstore/oci 0.7.1.

Docker Information Disclosure Sigstore Js
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.

Prototype Pollution Information Disclosure Tamagui
NVD VulDB GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out-of-bounds memory disclosure in Python Pillow before 12.3.0 lets an attacker who supplies a crafted McIdas AREA image file read adjacent process memory or crash the host application. When such a file is opened from a filename, header words control the raw-codec mmap row stride; setting it below the true row width causes later pixel operations (tobytes, getpixel, convert, save) to read past the mapped region. No public exploit is identified at time of analysis and it is not in CISA KEV, but the upstream fix, PR, and a regression test are public, making the flaw well documented.

Python Buffer Overflow Information Disclosure +1
NVD GitHub
CRITICAL Act Now

Missing TLS certificate validation in the XAPI C# and PowerShell SDK bindings - specifically on secondary HTTP handler connections used for disk image transfers, host backups, RRD data, and patch delivery - allows a network-positioned attacker to intercept communications between third-party management tools and Xen hypervisor hosts. Successful Man-in-the-Middle exploitation can yield stolen administrative session tokens, enabling full hypervisor session hijack, or permit tampering with critical data such as imported disk images and host update packages in transit. No public exploit code has been identified at time of analysis, and the Xen Project advisory XSA-498 confirms no known mitigations exist short of patching.

Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds heap read in Python Pillow's TGA RLE encoder (versions 5.2.0 through 12.2.x) lets adjacent process heap bytes leak into a generated TGA file when an application saves a mode '1' (1-bit) image using compression='tga_rle'. The flaw is an information-disclosure bug (CWE-125), fixed in 12.3.0, with no public exploit identified at time of analysis. The NVD CVSS of 7.5 (network vector) overstates practical reach because triggering the leak depends on the host application invoking this specific and unusual save path.

Python Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Server-Side Request Forgery and information disclosure in Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 arises from insufficient CSS sanitization in HTML e-mail bodies, letting a crafted message with stylesheet links pointing to internal hosts coerce the server into issuing requests to local-network resources. This is a re-opened flaw stemming from incomplete fixes for CVE-2026-35540 and CVE-2026-48843, indicating the sanitizer still failed to block specific local-address URL patterns. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor rates it as a stable security update recommended for all installations.

SSRF Information Disclosure Webmail
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Prototype pollution in compromise (spencermountain/compromise) through version 14.15.1 exposes all JavaScript applications using the library to Object.prototype contamination via the nlp.extend() Public Root API. A low-privileged remote attacker who can supply a crafted plugin argument containing __proto__, constructor, or prototype keys can inject properties into the global Object.prototype, producing partial confidentiality, integrity, and availability impact across the Node.js runtime. A public exploit exists via GitHub issue #1208, a vendor patch has been released (commit b4644ab7), and no CISA KEV listing has been confirmed at time of analysis.

Prototype Pollution Information Disclosure Compromise
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Python Pillow (versions 8.2.0 through 12.2.0) allows remote attackers to exhaust memory during JPEG2000 decoding, causing out-of-memory failures in any application that decodes untrusted images. The flaw stems from Pillow's JPEG2000 decoder summing tile widths across the whole image rather than per tile, so a small crafted tiled file forces disproportionately large transient allocations. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the upstream fix (12.3.0) and a public PR/commit make the root cause fully transparent.

Python Information Disclosure Pillow
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds read in the Perl DBI (Database Independent Interface) module before version 1.651 lets a caller trigger a negative-array-index read inside the internal row-buffer helper (_set_fbav in DBI.xs), potentially disclosing adjacent process memory or crashing the interpreter. The flaw arises when a statement handle declares zero fields but is fed a non-empty source row, an inconsistency the module failed to reject before returning results. No public exploit has been identified at time of analysis and the issue is not on CISA KEV; the assigned CVSS of 9.1 reflects high confidentiality and availability impact under a network vector, but realistic exploitation depends on a caller (typically a DBD driver or database backend) supplying mismatched metadata and rows.

Buffer Overflow Information Disclosure Dbi
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Broken object-level authorization in Easy!Appointments 1.5.2 lets any authenticated user query the customers search endpoint to harvest the appointment hash tokens of other users and providers. Because these hashes act as the access control for appointment operations, an attacker can then edit or delete appointments they do not own, achieving a full Appointments Takeover across other providers. No public exploit identified at time of analysis; the flaw is fixed in version 1.6.0.

Information Disclosure Easyappointments
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Prototype pollution in kofrasa mingo up to version 7.2.1 allows low-privileged remote attackers to corrupt JavaScript Object.prototype by supplying `__proto__` as a field selector in `$set`, `updateOne`, or `updateMany` operations, injecting arbitrary properties into all objects within the Node.js process. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and successful exploitation can cascade to application-wide privilege logic bypass, information disclosure, or denial of service depending on how the host application relies on inherited object properties. Vendor-released patch version 7.2.2 is confirmed available.

Prototype Pollution Information Disclosure Mingo
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Prototype pollution in svg.js (svgdotjs) up to version 3.2.5 allows a remote low-privileged attacker to inject arbitrary properties into JavaScript's shared Object.prototype via the EventTarget.on function of the npm package API. Depending on how consuming applications perform property lookups, this can lead to information disclosure, logic bypass, or integrity violations across the entire JavaScript runtime. No vendor patch exists - the maintainer has not responded to the responsible disclosure - and a proof-of-concept exists (CVSS E:P), though no confirmed active exploitation appears in CISA KEV.

Prototype Pollution Node.js Information Disclosure +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper TLS certificate validation in Fortinet FortiClientEMS (Endpoint Management Server) exposes sensitive information to network-positioned attackers across FortiClientEMS 7.2 (all listed builds up to 7.2.14), 7.4.0–7.4.1, and 7.4.3–7.4.5. Because the client fails to properly verify server certificates (CWE-295), an attacker able to intercept EMS communications can decrypt or observe protected traffic to disclose information. There is no public exploit identified at time of analysis and CISA SSVC scores exploitation as 'none', but Fortinet rates the flaw CVSS 9.8, so patching should be prioritized despite the lack of observed exploitation.

Fortinet Information Disclosure Forticlientems
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Remote denial-of-service in the Rockwell Automation FLEX 5000 EtherNet/IP adapter allows an unauthenticated network attacker to crash the module by sending a crafted CIP (Common Industrial Protocol) packet, halting the adapter and its associated I/O until a manual power cycle restores operation. The CVSS 4.0 score of 8.7 (High) reflects a network-reachable, no-privilege attack with high availability impact but no confidentiality or integrity loss. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV, so there is no confirmed active exploitation.

Information Disclosure The Flex 5000 Ethernet Ip Adapter
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in Fortinet FortiAuthenticator (6.5 all versions and 6.6.0–6.6.2) lets a remote unauthenticated attacker read out-of-bounds memory via a specially crafted request, exposing sensitive in-memory data. The CVSS temporal metrics (E:F, RC:C) indicate a functional, confirmed exploit is understood by the vendor, and an official fix is available (RL:O). No CISA KEV listing is present, so this is not confirmed as actively exploited despite the mature exploit signal.

Fortinet Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Exposure of a scanning VM's VNC service in Fortinet FortiSandbox 5.0.0-5.0.2 and 4.4.3-4.4.8 lets an unauthenticated remote attacker reach the VNC server of the sandbox virtual machines used for malware detonation via ordinary network requests. Because these VMs run and observe live malware samples, unauthorized VNC access can expose sensitive analysis sessions and potentially allow interaction with the detonation environment. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Fortinet Information Disclosure Fortisandbox
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds memory read in the Zephyr RTOS LwM2M firmware-update pull client (subsys/net/lib/lwm2m/lwm2m_pull_context.c) lets a LwM2M management server — or an on-path attacker on a session lacking strong DTLS — leak adjacent device memory and crash the device by writing an over-length Package URI (resource /5/0/1). Affected releases span v3.0.0 through v4.4.0 with the default-on CONFIG_LWM2M_FIRMWARE_UPDATE_PULL_SUPPORT path enabled. No public exploit identified at time of analysis; a vendor patch is available and EPSS/KEV signals are absent.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Kernel object corruption in Zephyr RTOS (v4.1.0 through v4.4.0) lets a deprivileged user thread on CONFIG_USERSPACE builds re-initialize a live k_pipe to which it has been granted access, orphaning threads already blocked on that pipe. Because z_impl_k_pipe_init() unconditionally resets the ring buffer and wait queues without accounting for pended waiters, a subsequent timeout or wake drives sys_dlist_remove() through dangling pointers, producing an attacker-influenced invalid kernel write, list corruption, lost wakeups, and silent data loss. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the fix hardens the k_pipe_init syscall verifier.

Information Disclosure Zephyr
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Denial-of-service in Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT ControlLogix EtherNet/IP communication modules lets an unauthenticated network attacker drop active device connections by sending malformed CIP Implicit (I/O) Connection packets. Because CVSS 4.0 rates only availability impact (VC:N/VI:N/VA:H) and connections recover immediately once the traffic stops, the flaw enables repeatable disruption rather than persistent outage or code execution. No public exploit identified at time of analysis, and the module is not in CISA KEV.

Information Disclosure 1756 En2 1756 En3 1756 Enbt
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

The reschedule endpoint in Easy!Appointments 1.5.2 and earlier exposes the complete customer database record to any party holding the 12-character appointment hash, with no authentication check and no field whitelisting on the ea_users row. These hashes are deliberately distributed to customers in reschedule emails, embedded in confirmation page URLs, and visible in operator calendar links, which means the effective attacker pool is anyone who has ever received or forwarded a booking email. The fix is available in version 1.6.0 per the GitHub security advisory; no public exploit code and no CISA KEV listing have been identified at time of analysis.

PHP Information Disclosure Easyappointments
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Information disclosure with integrity impact in the Spotfire Server modules of Spotfire Enterprise, Spotfire Enterprise with External Consumers, and Spotfire on Kubernetes allows a remote, unauthenticated attacker to obtain sensitive data and alter server-side state once a victim is lured into a passive interaction (UI:P), such as opening a crafted link or analysis. The CVSS 4.0 base score is 8.7 (High) with high confidentiality and integrity impact and low availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS was not provided.

Kubernetes Information Disclosure Spotfire Enterprise +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

MIME type restriction bypass in TYPO3 CMS 14.2.0-14.3.5 allows unauthenticated attackers to upload files of arbitrary MIME types through forms configured with FileUpload or ImageUpload elements, circumventing the allowedMimeTypes restriction entirely. The flaw originates from a lifecycle ordering defect in the server-side form framework: MimeTypeValidator is registered before concrete form definition properties are applied, so it is absent from the validation pipeline at runtime. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the network-accessible, zero-prerequisite-auth nature of the bypass elevates practical risk wherever affected forms are publicly exposed.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Out-of-bounds read in Citrix Secure Access Client for Windows (all versions before 26.6.1.20) enables a local low-privileged attacker to read memory beyond an allocated buffer boundary, resulting in high confidentiality impact with no integrity or availability consequence. The CVSS 4.0 score of 6.8 reflects the local attack vector and low-privilege requirement, meaning an attacker must already hold a foothold on the endpoint. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.

Citrix Buffer Overflow Microsoft +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Firefox versions prior to 152.0.6 are exposed to a network-exploitable flaw requiring user interaction that yields limited confidentiality and integrity impact within the browser context. Publicly available exploit code exists, confirmed by Mozilla's own advisory language, though the vendor reports no known attacks in the wild at time of disclosure. The fix is confirmed in Firefox 152.0.6, referenced in Mozilla security advisory MFSA2026-67.

Mozilla Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Information disclosure in Mozilla Firefox via CWE-763 (Release of Invalid Pointer or Reference) allows network-based attackers to read limited memory contents from affected browser instances. All Firefox versions prior to 152.0.6 are affected. Publicly available exploit code exists, though Mozilla reports no confirmed attacks in the wild; user interaction is required to trigger the flaw, moderately reducing real-world exposure.

Mozilla Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Incorrect WHERE-clause evaluation in Perl's DBI::SQL::Nano (versions 1.42 up to 1.651) causes text-based '<=' and '>=' comparisons to be silently inverted, so range-filtered queries return the wrong set of rows. The flaw affects DBI's built-in fallback mini-SQL engine used by file-backed drivers (DBD::File, DBD::DBM, CSV-style) when SQL::Statement is absent, and applications that rely on such predicates for policy or authorization filtering may leak or mishandle records without any error. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; the fix is available upstream in DBI 1.651.

Information Disclosure Dbi
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Out-of-bounds read in libsoup 3.6.6 exposes WebSocket clients to memory disclosure and crashes when connecting to malicious servers. The incomplete fix for CVE-2026-0716 (commit 6ff7ef0) placed the integer overflow guard exclusively inside the masked-frame branch, leaving the unmasked server-to-client frame path entirely unprotected - allowing a crafted payload length near UINT64_MAX to bypass the guard entirely. No public exploit code or active exploitation (CISA KEV) has been identified, but the CVSS AC:H rating reflects the non-trivial preconditions: a specific client configuration and attacker-controlled server are both required.

Buffer Overflow Information Disclosure Red Hat Enterprise Linux 10
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Eclipse Jetty mishandles HTTP URI path parameters containing semicolons combined with traversal sequences, delivering an unresolved path (e.g., `/public/../admin/secret.txt`) to downstream web applications instead of the canonicalized form (e.g., `/admin/secret.txt`). Web applications that delegate path-based authorization decisions to Jetty-provided paths are susceptible to confusion attacks where an attacker crafts a URI like `/public;/../admin/secret.txt` to receive a path that bypasses application-layer access controls. Jetty itself is shielded by its alias checker and will not serve restricted files directly; the integrity risk materializes only in applications that consume the unresolved path for routing or authorization logic. No public exploit code or CISA KEV listing is present at time of analysis.

Information Disclosure Eclipse Jetty
NVD VulDB
Prev Page 4 of 741 Next

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
66624

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy