
3148 matches found

CVE
added yesterday, 7 views

CVE-2026-47655

CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1
Nuclei
added 4 days ago, 49 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

CVSS 5.9 | AI score 7.1 | EPSS 0.90996
Exploits: 1 | References: 5
Cvelist
added 2026/05/22 10:4 p.m., 12 views

CVE-2026-23663 Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

...

CVSS 7.5 | EPSS 0.00097
Exploits: 0 | References: 1
CVE
added 2026/05/22 10:4 p.m., 21 views

CVE-2026-23663

CVE-2026-23663 (Microsoft Global Secure Access) is a vulnerability described as an information disclosure issue stemming from improper privilege management in Azure Entra ID, enabling a network-based attacker with no user interaction to achieve privilege elevation and access confidential data. Th...

CVSS 7.5 | AI score 5.8 | EPSS 0.00097
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/13 6:54 p.m., 25 views

CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...

CVSS 7.4 | EPSS 0.00008
Exploits: 0 | References: 1
CVE
added 2026/05/12 4:59 p.m., 9 views

CVE-2026-41107

CVE-2026-41107 describes an information disclosure in Microsoft Edge (Chromium-based) caused by external control of a file name or path. The vulnerability affects Microsoft Edge for Android and the Chromium-based Edge on other platforms. The underlying issue enables an unauthorized attacker to di...

CVSS 7.4 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/05/12 4:58 p.m., 13 views

CVE-2026-40406

Technical details about CVE-2026-40406 are not publicly available in the provided documents; monitor for updates as additional specifics (affected products, root cause, fixes) may be released.

CVSS 7.5 | AI score 5.8 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 14
Cvelist
added 2026/05/07 8:58 p.m., 27 views

CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

...

CVSS 7.5 | EPSS 0.00058
Exploits: 0 | References: 1
OSV
added 2026/05/06 11:4 p.m., 0 views

GHSA-P7G9-RP3G-MGFG Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks

Impact: The unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/27 12:0 a.m., 2 views

PT-2026-35556

OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted...

CVSS 7.1 | AI score 5.2 | EPSS 0.00042
Exploits: 0 | References: 3
CNVD
added 2026/04/21 12:0 a.m., 4 views

Microsoft Word Information Disclosure Vulnerability (CNVD-2026-19707)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft. An information disclosure vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to obtain sensitive information...

CVSS 6.1 | AI score 5.8 | EPSS 0.00056
Exploits: 0
CNNVD
added 2026/04/21 12:0 a.m., 3 views

Oracle Database Server Security Vulnerability

Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00054
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/15 7:24 p.m., 2 views

CVE-2026-26155

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00107
Exploits: 0 | References: 1
CNVD
added 2026/04/15 12:0 a.m., 2 views

Schneider Electric PowerChute Serial Shutdown Log Message Disclosure Vulnerability

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a log information disclosure vulnerability that can be exploited by an attacker to cause a W...

CVSS 5 | AI score 5.3 | EPSS 0.00015
Exploits: 0
Vulnrichment
added 2026/04/14 4:57 p.m., 2 views

CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability

...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 1
Cvelist
added 2026/04/14 12:9 a.m., 24 views

CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVSS 5 | EPSS 0.00043
Exploits: 2 | References: 2
OSV
added 2026/04/09 12:31 p.m., 1 view

GHSA-3CJC-VHFM-FFP2 Apache DolphinScheduler vulnerable to sensitive information disclosure

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

CVSS 7.5 | AI score 7 | EPSS 0.00353
Exploits: 0 | References: 5
Cvelist
added 2026/04/05 1:45 p.m., 22 views

CVE-2026-5571 Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure

A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack...

CVSS 6.9 | EPSS 0.00054
Exploits: 1 | References: 4
CVE
added 2026/04/02 11:27 p.m., 7 views

CVE-2026-32173

Azure SRE Agent vulnerability CVE-2026-32173 involves improper authentication that could let an unauthenticated attacker disclose information over a network. Affected component is the Azure SRE Agent; the underlying issue is authentication checks failing, enabling information disclosure with netw...

CVSS 8.6 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2026/03/31 12:0 a.m., 0 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16130)

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for integrating, cleansing and transforming data from disparate sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from insufficient credential protection and...

CVSS 6.5 | AI score 5.9 | EPSS 0.0004
Exploits: 0