18275 matches found
CVE-2026-15642
Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclud...
CVE-2026-50456
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
CVE-2026-50442
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
CVE-2026-50434
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-50430
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-50415
Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network...
CVE-2026-50409
Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally...
CVE-2026-50352
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally...
CVE-2026-50339
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-15642
Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclud...
CVE-2026-50697
Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-50350
CVE-2026-50350 concerns an information-disclosure vulnerability in Windows’ Trusted Runtime Interface Driver. An authenticated local attacker may disclose sensitive information due to an underlying flaw in the driver, with CVSSv3.1 metrics indicating Local attack vector, Low attack complexity, Lo...
CVE-2026-50294
CVE-2026-50294 : Windows Kernel exposes sensitive system information to an unauthorized control sphere, enabling a local attacker to disclose information. Documents confirm a local attack vector with high confidentiality impact; no exploitation details or remediation are provided in the connected...
CVE-2026-41087
CVE-2026-41087 affects Windows File Explorer; a local attacker can cause exposure of sensitive information to obtain disclosure on the host. The vulnerability is rated CVSSv3.1: 5.5 (Medium) with Local access, Low attack complexity, Privileges Required: Low, no user interaction, and Confidentiali...
CVE-2026-55651
Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...
CVE-2026-55651 Easy!Appointments Vulnerable to Appointments Takeover via Excessive Data Exposure
Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointmen...
Windows Kernel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally...
Win32k Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally...
Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
CVE-2026-15389
A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...