Spring MVC Framework - Local File Inclusion
Spring MVC Framework versions 5.0 prior to 5.0.5, versions 4.3 prior to 4.3.15, and older unsupported versions are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a...
EUVD-2026-35465
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability
...
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
...
CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability
...
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
...
CVE-2026-0411 A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites
An information disclosure vulnerability in the NETGEAR Orbi satellites RBR/RBE/RBS Series could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not...
CVE-2026-47655
CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
...
CVE-2026-23663 Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
...
CVE-2026-23663
CVE-2026-23663 (Microsoft Global Secure Access) is a vulnerability described as an information disclosure issue stemming from improper privilege management in Azure Entra ID, enabling a network-based attacker with no user interaction to achieve privilege elevation and access confidential data. Th...
CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...
CVE-2026-41107
CVE-2026-41107 describes an information disclosure in Microsoft Edge (Chromium-based) caused by external control of a file name or path. The vulnerability affects Microsoft Edge for Android and the Chromium-based Edge on other platforms. The underlying issue enables an unauthorized attacker to di...
CVE-2026-40406
Technical details about CVE-2026-40406 are not publicly available in the provided documents; monitor for updates as additional specifics (affected products, root cause, fixes) may be released.
CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
...
GHSA-P7G9-RP3G-MGFG Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
Impact The unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting...
PT-2026-35556
OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted...
Microsoft Word Information Disclosure Vulnerability (CNVD-2026-19707)
Microsoft Word is a word processing application in the Office suite from the U.S. company Microsoft. An information disclosure vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to obtain sensitive information...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...