Microsoft has confirmed an information‑disclosure vulnerability in the Windows Remote Procedure Call (RPC) subsystem, tracked as CVE‑2026‑20821, that can allow a local, unauthorized actor to obtain sensitive memory or system information when the vulnerable RPC runtime is invoked.
Microsoft has recorded a Desktop Window Manager (DWM) information‑disclosure vulnerability under the identifier CVE‑2026‑20805; the vendor advisory classifies the issue as an information disclosure that can allow an authorized local actor to read sensitive information on a vulnerable host, and...
Microsoft’s advisory for CVE-2026-20962 warns that a use of an uninitialized resource inside the Dynamic Root of Trust for Measurement (DRTM) implementation can allow an authorized local attacker to disclose sensitive information, and administrators should treat affected hosts as high priority...
A newly cataloged Linux kernel vulnerability, tracked as CVE-2025-68288, exposes a subtle but material memory-leak condition in the USB mass-storage transport path that can allow USB protocol bytes to leak from kernel memory into user space via the SCSI Generic (/dev/sg*) interface. The flaw was...
Microsoft’s December security rollup includes a newly recorded information‑disclosure bug in the Windows Camera Frame Server Monitor, tracked as CVE‑2025‑62570, that Microsoft lists in its Security Update Guide and that third‑party trackers have scored at CVSS v3.1 7.1 (High) — a finding that...
Microsoft’s Security Update Guide lists CVE-2025-64670 as a Windows DirectX information‑disclosure issue in the Microsoft Graphics Component that can allow an authenticated, low‑privilege actor to leak sensitive kernel or process memory over a network‑reachable channel; the advisory signals a...
Microsoft's security advisory for a newly cataloged Routing and Remote Access Service (RRAS) vulnerability, tracked as CVE-2025-62473, describes a network‑accessible information‑disclosure flaw in the Windows RRAS stack; independent trackers assign it a CVSS v3.1 base score of 6.5, and vendor...
A flaw in libvirt causes external inactive snapshots created for shut-down virtual machines to be written with world-readable permissions, allowing any local, unprivileged user on the host to read guest disk contents and resulting in a medium-severity information disclosure vulnerability tracked...
Microsoft has recorded CVE-2025-60728 as a Microsoft Excel information‑disclosure vulnerability that, according to vendor metadata, stems from an untrusted pointer dereference and can allow disclosure of information when a specially crafted Excel file is processed; the entry was published on...
Microsoft released a security update on November 11, 2025 to fix CVE-2025-62208, an information disclosure vulnerability in the Windows License Manager that can expose sensitive details via log files to an authenticated, low‑privilege local user — a fix administrators should apply immediately...
Microsoft has recorded CVE‑2025‑62209 — an information disclosure vulnerability in the Windows License Manager — and issued a security update on November 11, 2025 to address it; public trackers rate the flaw as CVSS v3.1 5.5 (Medium) with a local attack vector and a confidentiality‑only impact...
Microsoft has published an advisory for CVE-2025-59240, an information-disclosure vulnerability in Microsoft Excel that can expose sensitive local data when a user interacts with a specially crafted workbook; Microsoft has issued a security update and describes the flaw as a local...
Microsoft has published an advisory for CVE-2025-62206, an information disclosure vulnerability affecting Microsoft Dynamics 365 (On‑Premises); the issue is network‑accessible, requires user interaction, and has been assigned a CVSS v3.1 base score of 6.5 (Medium) with a confidentiality impact...
Microsoft’s Security Update Guide lists CVE-2025-60706 as an information disclosure vulnerability in Windows Hyper‑V, but the public record remains deliberately sparse: the vendor entry is terse, the advisory page requires JavaScript to render its full details, and independent technical analysis...
Microsoft’s Security Update Guide lists CVE‑2025‑59509 as an information‑disclosure vulnerability affecting Windows Speech Recognition, but the public record remains intentionally sparse: the vendor acknowledgement exists, yet low‑level technical details, exploit code, and independent write‑ups...
Microsoft and multiple security trackers confirmed a local information‑disclosure bug in the Windows ETL (Event Trace Log) Channel, tracked as CVE‑2025‑59197, that can cause sensitive data to be written into trace/log files and exposed to local, low‑privilege actors — Microsoft published fixes...
Microsoft has published a security advisory for CVE-2025-59203, a Windows State Repository API Server file information disclosure vulnerability that can cause sensitive data to be written into log files and read by an authorized local actor; Microsoft’s published CVSS v3.1 vector for the issue...
A newly recorded vulnerability, tracked as CVE‑2025‑2884, exposes an out‑of‑bounds read in the Trusted Computing Group (TCG) TPM 2.0 reference implementation — specifically within the CryptHmacSign helper — and the flaw can allow sensitive memory contents or secrets to be leaked from affected...
Microsoft has confirmed CVE-2025-59260 as a local information‑disclosure vulnerability in the Microsoft Failover Cluster virtual driver that can write sensitive cluster state into log files or otherwise expose privileged configuration data to low‑privileged local actors, and Microsoft has...
Microsoft has recorded CVE-2025-59209 as an information disclosure vulnerability in the Windows Push Notification Core that can permit a low-privilege, authorized local actor to obtain sensitive information from a host; the advisory classifies the flaw as local-only with a medium CVSS v3.1 score...