information disclosure

Windows users and administrators should treat the newly recorded CVE‑2026‑20937 as a serious information‑disclosure issue in Windows File Explorer: Microsoft’s Security Update Guide lists the identifier and classifies it as an Explorer‑level information leak, but the vendor’s initial entry is...

CVE-2026-20935 is a vendor-acknowledged information‑disclosure flaw in Windows’ Virtualization‑Based Security (VBS) enclave that requires local, authorized access but carries outsized operational risk because leaked enclave data can accelerate full host compromise; administrators should treat...

Microsoft's January security rollup includes a newly cataloged information‑disclosure flaw affecting the Windows Management Services component, tracked as CVE‑2026‑20862, and administrators should treat it as a firm reason to validate and accelerate patching on any system that exposes Windows...

Microsoft has recorded CVE-2026-20862 as an information disclosure vulnerability in Windows Management Services (WMS), and the vendor’s terse public advisory — delivered via the Microsoft Security Response Center’s Update Guide — makes this a high-priority operational problem for administrators...

Microsoft’s Security Update Guide lists CVE‑2026‑20932 as an information disclosure vulnerability in Windows File Explorer, a terse but authoritative entry that confirms the defect exists and that Microsoft has recorded it for remediation. This advisory classifies the issue as a confidentiality...

Microsoft’s Security Update Guide lists CVE-2026-20851 as an information‑disclosure vulnerability in the Capability Access Management Service (camsvc), but the vendor’s interactive advisory does not expose per‑SKU KB mappings or low‑level technical details via a simple fetch — defenders must...

Microsoft’s security registry records CVE-2026-20838 as a Windows kernel information‑disclosure vulnerability — an advisory IT teams must treat as a credible reconnaissance primitive that can materially aid follow‑on local exploitation unless systems are patched and detection controls are...

Microsoft’s Security Update Guide lists CVE-2026-20835 as an information disclosure issue in the Capability Access Management Service (camsvc), but the public technical record is intentionally sparse: the MSRC advisory is present only as an interactive page that requires a browser to render, and...

Microsoft has recorded CVE-2026-20825 — an improper access control vulnerability in Windows Hyper‑V that, according to the vendor summary, permits an authorized local attacker to disclose sensitive information on the host. The public advisory entry is terse: it classifies the flaw as an...

Microsoft’s security update listing for CVE-2026-20819 identifies an untrusted pointer dereference in the Windows Virtualization‑Based Security (VBS) enclave that can be induced by an authorized local actor to disclose sensitive information from inside the enclave, and Microsoft has published an...

Microsoft’s security tracker lists CVE-2026-20823 as an information‑disclosure defect in Windows File Explorer that can allow an authorized local attacker to disclose information from a host; the vendor entry is terse and administrators should treat this as a high‑priority local post‑compromise...

Microsoft has confirmed an information‑disclosure vulnerability in the Windows Remote Procedure Call (RPC) subsystem, tracked as CVE‑2026‑20821, that can allow a local, unauthorized actor to obtain sensitive memory or system information when the vulnerable RPC runtime is invoked. Background...

Microsoft has recorded a Desktop Window Manager (DWM) information‑disclosure vulnerability under the identifier CVE‑2026‑20805; the vendor advisory classifies the issue as an information disclosure that can allow an authorized local actor to read sensitive information on a vulnerable host, and...

Microsoft’s advisory for CVE-2026-20962 warns that a use of an uninitialized resource inside the Dynamic Root of Trust for Measurement (DRTM) implementation can allow an authorized local attacker to disclose sensitive information, and administrators should treat affected hosts as high priority...

A newly cataloged Linux kernel vulnerability, tracked as CVE-2025-68288, exposes a subtle but material memory-leak condition in the USB mass-storage transport path that can allow USB protocol bytes to leak from kernel memory into user space via the SCSI Generic (/dev/sg*) interface. The flaw was...

Microsoft’s December security rollup includes a newly recorded information‑disclosure bug in the Windows Camera Frame Server Monitor, tracked as CVE‑2025‑62570, that Microsoft lists in its Security Update Guide and that third‑party trackers have scored at CVSS v3.1 7.1 (High) — a finding that...

Microsoft’s Security Update Guide lists CVE-2025-64670 as a Windows DirectX information‑disclosure issue in the Microsoft Graphics Component that can allow an authenticated, low‑privilege actor to leak sensitive kernel or process memory over a network‑reachable channel; the advisory signals a...

Microsoft's security advisory for a newly cataloged Routing and Remote Access Service (RRAS) vulnerability, tracked as CVE-2025-62473, describes a network‑accessible information‑disclosure flaw in the Windows RRAS stack; independent trackers assign it a CVSS v3.1 base score of 6.5, and vendor...

A flaw in libvirt causes external inactive snapshots created for shut-down virtual machines to be written with world-readable permissions, allowing any local, unprivileged user on the host to read guest disk contents and resulting in a medium-severity information disclosure vulnerability tracked...

Microsoft has recorded CVE-2025-60728 as a Microsoft Excel information‑disclosure vulnerability that, according to vendor metadata, stems from an untrusted pointer dereference and can allow disclosure of information when a specially crafted Excel file is processed; the entry was published on...