information disclosure

Microsoft's advisory listing for CVE-2026-20958 places the vulnerability squarely in the category security teams take most seriously: a vendor‑acknowledged SharePoint flaw tied to information disclosure that demands immediate patch‑and‑hunt workflows, careful exposure reduction, and post‑patch...

Microsoft has recorded an information‑disclosure vulnerability in Windows File Explorer under the identifier CVE-2026-20939, and the vendor’s terse advisory in the Microsoft Security Update Guide confirms the defect while withholding exploit-level detail; operators must therefore treat this as a...

Microsoft's security advisory entry for CVE-2026-20939 lists a new Windows File Explorer information disclosure vulnerability that was addressed in the January 13, 2026 security updates; affected systems should be treated as potentially exposed until updates are applied and mitigations are in...

Windows users and administrators should treat the newly recorded CVE‑2026‑20937 as a serious information‑disclosure issue in Windows File Explorer: Microsoft’s Security Update Guide lists the identifier and classifies it as an Explorer‑level information leak, but the vendor’s initial entry is...

CVE-2026-20935 is a vendor-acknowledged information‑disclosure flaw in Windows’ Virtualization‑Based Security (VBS) enclave that requires local, authorized access but carries outsized operational risk because leaked enclave data can accelerate full host compromise; administrators should treat...

Microsoft's January security rollup includes a newly cataloged information‑disclosure flaw affecting the Windows Management Services component, tracked as CVE‑2026‑20862, and administrators should treat it as a firm reason to validate and accelerate patching on any system that exposes Windows...

Microsoft has recorded CVE-2026-20862 as an information disclosure vulnerability in Windows Management Services (WMS), and the vendor’s terse public advisory — delivered via the Microsoft Security Response Center’s Update Guide — makes this a high-priority operational problem for administrators...

Microsoft’s Security Update Guide lists CVE‑2026‑20932 as an information disclosure vulnerability in Windows File Explorer, a terse but authoritative entry that confirms the defect exists and that Microsoft has recorded it for remediation. This advisory classifies the issue as a confidentiality...

Microsoft’s Security Update Guide lists CVE-2026-20851 as an information‑disclosure vulnerability in the Capability Access Management Service (camsvc), but the vendor’s interactive advisory does not expose per‑SKU KB mappings or low‑level technical details via a simple fetch — defenders must...

Microsoft’s security registry records CVE-2026-20838 as a Windows kernel information‑disclosure vulnerability — an advisory IT teams must treat as a credible reconnaissance primitive that can materially aid follow‑on local exploitation unless systems are patched and detection controls are...

Microsoft’s Security Update Guide lists CVE-2026-20835 as an information disclosure issue in the Capability Access Management Service (camsvc), but the public technical record is intentionally sparse: the MSRC advisory is present only as an interactive page that requires a browser to render, and...

Microsoft has recorded CVE-2026-20825 — an improper access control vulnerability in Windows Hyper‑V that, according to the vendor summary, permits an authorized local attacker to disclose sensitive information on the host. The public advisory entry is terse: it classifies the flaw as an...

Microsoft’s security update listing for CVE-2026-20819 identifies an untrusted pointer dereference in the Windows Virtualization‑Based Security (VBS) enclave that can be induced by an authorized local actor to disclose sensitive information from inside the enclave, and Microsoft has published an...

Microsoft’s security tracker lists CVE-2026-20823 as an information‑disclosure defect in Windows File Explorer that can allow an authorized local attacker to disclose information from a host; the vendor entry is terse and administrators should treat this as a high‑priority local post‑compromise...

Microsoft has confirmed an information‑disclosure vulnerability in the Windows Remote Procedure Call (RPC) subsystem, tracked as CVE‑2026‑20821, that can allow a local, unauthorized actor to obtain sensitive memory or system information when the vulnerable RPC runtime is invoked. Background...

Microsoft has recorded a Desktop Window Manager (DWM) information‑disclosure vulnerability under the identifier CVE‑2026‑20805; the vendor advisory classifies the issue as an information disclosure that can allow an authorized local actor to read sensitive information on a vulnerable host, and...

Microsoft’s advisory for CVE-2026-20962 warns that a use of an uninitialized resource inside the Dynamic Root of Trust for Measurement (DRTM) implementation can allow an authorized local attacker to disclose sensitive information, and administrators should treat affected hosts as high priority...

A newly cataloged Linux kernel vulnerability, tracked as CVE-2025-68288, exposes a subtle but material memory-leak condition in the USB mass-storage transport path that can allow USB protocol bytes to leak from kernel memory into user space via the SCSI Generic (/dev/sg*) interface. The flaw was...

Microsoft’s December security rollup includes a newly recorded information‑disclosure bug in the Windows Camera Frame Server Monitor, tracked as CVE‑2025‑62570, that Microsoft lists in its Security Update Guide and that third‑party trackers have scored at CVSS v3.1 7.1 (High) — a finding that...

Microsoft’s Security Update Guide lists CVE-2025-64670 as a Windows DirectX information‑disclosure issue in the Microsoft Graphics Component that can allow an authenticated, low‑privilege actor to leak sensitive kernel or process memory over a network‑reachable channel; the advisory signals a...