3168 matches found

Nuclei
added 13 hours ago | 51 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9 CVSS | 7.6 AI score | 0.35681 EPSS
Exploits 1 | References 5

NVD
added yesterday | 7 views

CVE-2018-25437

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

8.7 CVSS
Exploits 0 | References 3

EUVD
added 2026/06/09 6:30 p.m. | 8 views

EUVD-2026-35465

An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...

7.2 CVSS | 5.4 AI score | 0.00228 EPSS
Exploits 0 | References 6

Vulnrichment
added 2026/06/09 5:6 p.m. | 4 views

CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability

...

5.5 CVSS | 5.4 AI score | 0.00325 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/06/09 5:5 p.m. | 5 views

CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability

...

5.5 CVSS | 5.4 AI score | 0.00274 EPSS
Exploits 0 | References 1

Cvelist
added 2026/06/09 5:5 p.m. | 23 views

CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability

...

8.1 CVSS | 0.01095 EPSS
Exploits 0 | References 1

Cvelist
added 2026/06/09 5:4 p.m. | 28 views

CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability

...

5 CVSS | 0.00433 EPSS
Exploits 0 | References 1

Cvelist
added 2026/06/09 5:4 p.m. | 25 views

CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability

...

3.3 CVSS | 0.00329 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/06/09 3:50 p.m. | 4 views

CVE-2026-0411 A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites

An information disclosure vulnerability in the NETGEAR Orbi satellites RBR/RBE/RBS Series could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not...

7.2 CVSS | 5.3 AI score | 0.00228 EPSS
Exploits 0 | References 6

CVE
added 2026/06/04 10:0 p.m. | 14 views

CVE-2026-47655

CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...

6.5 CVSS | 5.8 AI score | 0.00552 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/06/04 10:0 p.m. | 5 views

CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

...

6.5 CVSS | 5.4 AI score | 0.00503 EPSS
Exploits 0 | References 1

CVE
added 2026/05/22 10:4 p.m. | 28 views

CVE-2026-23663

CVE-2026-23663 (Microsoft Global Secure Access) is a vulnerability described as an information disclosure issue stemming from improper privilege management in Azure Entra ID, enabling a network-based attacker with no user interaction to achieve privilege elevation and access confidential data. Th...

7.5 CVSS | 5.8 AI score | 0.00735 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/05/22 10:4 p.m. | 17 views

CVE-2026-23663 Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

...

7.5 CVSS | 0.00735 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/13 6:54 p.m. | 28 views

CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...

7.4 CVSS | 0.00209 EPSS
Exploits 0 | References 1

CVE
added 2026/05/12 4:59 p.m. | 14 views

CVE-2026-41107

CVE-2026-41107 describes an information disclosure in Microsoft Edge (Chromium-based) caused by external control of a file name or path. The vulnerability affects Microsoft Edge for Android and the Chromium-based Edge on other platforms. The underlying issue enables an unauthorized attacker to di...

7.4 CVSS | 5.8 AI score | 0.00652 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/05/12 4:58 p.m. | 17 views

CVE-2026-40406

Technical details about CVE-2026-40406 are not publicly available in the provided documents; monitor for updates as additional specifics (affected products, root cause, fixes) may be released.

7.5 CVSS | 5.8 AI score | 0.00931 EPSS
Exploits 0 | References 1 | Affected Software 14

Cvelist
added 2026/05/07 8:58 p.m. | 39 views

CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

...

7.5 CVSS | 0.01135 EPSS
Exploits 0 | References 1

OSV
added 2026/05/06 11:4 p.m. | 1 views

GHSA-P7G9-RP3G-MGFG Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks

Impact: The unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting...

4.3 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/04/27 12:0 a.m. | 4 views

PT-2026-35556

OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted...

7.1 CVSS | 5.2 AI score | 0.00238 EPSS
Exploits 0 | References 3

CNNVD
added 2026/04/21 12:0 a.m. | 5 views

Oracle Database Server Security Vulnerability

Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...

7.5 CVSS | 7.2 AI score | 0.00307 EPSS
Exploits 0 | References 2