information disclosure

Microsoft listed CVE-2026-42973, a Windows Push Notification information disclosure vulnerability, in its Security Update Guide as part of the June 2026 security-update cycle affecting supported Windows platforms. The flaw is not the sort of bug that earns splashy remote-code-execution...

Microsoft disclosed CVE-2026-42972 on June 9, 2026, as a Windows Hyper-V information disclosure vulnerability affecting supported Windows client and server releases, with public tracking pages describing a medium-severity flaw that requires local authorized access rather than remote...

Microsoft released CVE-2026-42968 on June 9, 2026, as an Important Windows Telephony Service information disclosure vulnerability affecting supported Windows client and server releases, with updates available for Windows 10, Windows 11, Windows Server 2012, 2016, 2019, 2022, and 2025. The bug is...

Microsoft disclosed CVE-2026-42908 on June 9, 2026, as a Windows Remote Desktop Protocol information disclosure vulnerability caused by an out-of-bounds read that could allow an unauthenticated attacker to disclose information over a network on affected Windows systems. The bug is not the...

Microsoft disclosed CVE-2026-42907 on June 9, 2026, as a Windows Shell information disclosure vulnerability affecting supported Windows client and server releases, with public listings placing it at medium severity and tying remediation to the June Patch Tuesday security updates. The headline is...

Microsoft has published CVE-2026-45503 as a Microsoft Exchange Server information disclosure vulnerability in the Security Update Guide, with the public record emphasizing confidence in the vulnerability’s existence and available technical detail rather than a fully disclosed exploit narrative...

Microsoft published CVE-2026-45502 on June 9, 2026, as a Microsoft Exchange Server information disclosure vulnerability in the MSRC Security Update Guide, assigning Microsoft as the CNA and presenting the issue as a confirmed security flaw affecting Exchange administrators’ patch queues. The...

Microsoft disclosed CVE-2026-45594 on June 9, 2026, as an Important-rated Windows Application Identity information disclosure vulnerability in the AppID subsystem that can let an authorized local attacker expose sensitive information on affected Windows systems. The flaw is not the sort of...

On June 9, 2026, Microsoft’s Security Update Guide entry for CVE-2026-45455 described a Microsoft Excel information disclosure vulnerability whose CVSS impact metrics indicate limited confidentiality loss, with no direct integrity or availability impact if exploitation succeeds. That wording is...

Microsoft has published CVE-2026-44822 as a Microsoft Excel information disclosure vulnerability in the Security Update Guide, framing it as a confirmed Office flaw whose practical risk depends less on headline severity than on what data Excel can be made to expose and under what conditions. The...

Microsoft disclosed CVE-2026-45634 on June 9, 2026, as an Important-rated Windows DHCP Client information disclosure vulnerability affecting supported Windows client and server releases, with official fixes issued through the June security updates and no public disclosure or exploitation...

Microsoft published CVE-2026-45466, a Microsoft Word information disclosure vulnerability, in its Security Update Guide on Tuesday, June 9, 2026, identifying Word as the affected application and framing the issue as a confidentiality risk rather than code execution. The advisory arrives in the...

Microsoft listed CVE-2026-45485 on June 9, 2026 as a Microsoft Office information disclosure vulnerability in its Security Update Guide, giving administrators a new Office-related confidentiality bug to assess during the June Patch Tuesday cycle. The important story is not only that Office can...

Microsoft has listed CVE-2026-48579 as a Microsoft Exchange Online information disclosure vulnerability in the Security Update Guide, giving administrators a confirmed cloud-service security issue to track as of June 4, 2026, even though public technical detail remains limited. The important...

Microsoft’s CVE-2026-47655 is an information disclosure vulnerability in Microsoft Graph, published through the Microsoft Security Response Center’s Security Update Guide, with the available public framing focused less on exploit mechanics than on confidence in the report and the credibility of...

Microsoft’s MSRC entry for CVE-2026-47644 identifies an information disclosure vulnerability in Copilot Chat for Microsoft Edge, with the advisory pointing administrators toward Microsoft’s vulnerability scoring language rather than a public exploit recipe. The important story is not merely that...

Microsoft has listed CVE-2026-42824 as an M365 Copilot information disclosure vulnerability in the Security Update Guide, describing a flaw whose practical risk turns less on code execution than on whether Copilot can be induced to expose data it should not reveal. That phrasing matters because...

CVE-2026-46167 is a newly published Linux kernel vulnerability, dated May 28, 2026 by NVD and sourced from kernel.org, in which the USB printer driver could leak one byte of stale kernel heap memory through the LPGETSTATUS ioctl when queried by local software. The bug is small in the literal...

CVE-2026-46151 is a Linux kernel information-disclosure flaw published by NVD on May 28, 2026, after kernel.org reported that the USB printer driver could leak stale heap memory through malformed IEEE 1284 device ID responses. The bug is not a Windows vulnerability, but it belongs squarely in...

CVE-2026-46132 is a Linux kernel information-disclosure flaw published by NVD on May 28, 2026, after kernel.org reported that rtnetlink could leak up to 26 bytes of uninitialized kernel stack data per virtual function in certain SR-IOV network interface queries. The bug is not a Windows...