memory disclosure

Microsoft listed CVE-2026-43618 in its Security Update Guide after rsync 3.4.3 shipped on May 20, 2026, fixing a high-severity integer overflow in versions 3.4.2 and earlier that can let a malicious sender make a receiver disclose process memory over the network. The bug is not a Windows kernel...

A newly published Linux kernel CVE is drawing attention for a familiar but dangerous reason: a trusted control path accepted attacker-controlled data without enforcing a hard ceiling. In CVE-2026-31464, the ibmvfc driver can take a num_written value from a VIO server’s discover-targets MAD...

Chromium’s latest security cycle has surfaced a memory-disclosure flaw in WebCodecs, tracked as CVE-2026-5888, and the practical story is less about dramatic remote takeover than about quietly leaking data from browser process memory. Google says the issue affects Chrome prior to 147.0.7727.55...

A newly published issue in the EDK2 UEFI stack — tracked as CVE-2025-2295 — allows a malicious iSCSI target to craft a specially formed R2T (Ready To Transfer) PDU that can trigger an integer‑overflow condition and cause a BIOS/firmware implementation to read and return out‑of‑bounds memory...

PHP’s core image helper has a subtle but consequential flaw: CVE‑2025‑14177 is an information‑disclosure bug in the getimagesize implementation that can cause uninitialized heap bytes to be copied into JPEG APPn metadata (for example APP1), leaking fragments of process memory when images are...

A newly cataloged Windows vulnerability, tracked as CVE-2025-59513, affects the Bluetooth RFCOM protocol driver and is described by Microsoft as an information‑disclosure flaw that can allow a local, unauthorized actor to obtain sensitive kernel or driver memory when interacting with the RFCOM...

Microsoft has published an advisory for CVE-2025-59232, an out-of-bounds read information‑disclosure vulnerability in Microsoft Excel that can leak process memory when a specially crafted workbook is opened; the vendor released security updates on October 14, 2025 and rates the issue as a...

Microsoft has recorded CVE-2025-55699 as a Windows Kernel information‑disclosure vulnerability and published a security update on October 14, 2025 that Microsoft says fixes an issue where an authorized local actor can disclose sensitive kernel memory under certain conditions — administrators...

Microsoft’s security advisory lists CVE‑2025‑59186 as a Windows Kernel — Memory Information Disclosure issue that can permit a local, authorized actor to read sensitive kernel memory; Microsoft’s guidance is clear: apply the vendor-supplied update mapped in the Security Update Guide to fully...

Microsoft has published an advisory for CVE-2025-55325, a buffer over‑read (information‑disclosure) vulnerability in the Windows Storage Management Provider that allows an authorized local attacker with low privileges to read sensitive memory and potentially harvest secrets — and administrators...

Siemens and upstream OpenSSL vulnerabilities that allow out-of-bounds reads — tracked under CVE-2021-3712 — remain a live operational risk across dozens of Siemens industrial networking, communications, and automation products; Siemens has published ProductCERT guidance and fixes for many...

Microsoft’s advisory classifies CVE-2025-54901 as a buffer over-read (out‑of‑bounds read) in Microsoft Office Excel that can disclose process memory contents when a crafted spreadsheet is opened. Executive summary What it is: CVE-2025-54901 is an information‑disclosure vulnerability in...

A newly disclosed vulnerability in Windows Routing and Remote Access Service (RRAS) — tracked as CVE-2025-53806 in the Microsoft Security Response Center entry provided by the reporter — is an out‑of‑bounds read / buffer over‑read that can allow an attacker to obtain memory contents from an...

Microsoft has assigned CVE-2025-53796 to a newly disclosed vulnerability in the Windows Routing and Remote Access Service (RRAS) that can cause a buffer over‑read / use of an uninitialized resource, allowing an attacker to disclose memory contents over a network; organizations that run RRAS as a...

Microsoft’s advisory identifies CVE-2025-53803 as a Windows Kernel memory information disclosure vulnerability: an error message generated by kernel code can contain sensitive kernel memory contents, allowing an authenticated local actor to read data that should remain protected. Background The...

Below is a detailed, publish-ready technical brief on the Windows Imaging Component information-disclosure issue you asked about. I’ve also checked the public advisories and noticed a likely mismatch in the CVE number you supplied — see the “Note on the CVE number” section first. Note on the CVE...

Microsoft’s Security Response Center lists CVE-2025-54095 as an out-of-bounds read in the Windows Routing and Remote Access Service (RRAS) that can disclose memory contents to a remote attacker over the network. Background / Overview Routing and Remote Access Service (RRAS) is a long‑standing...

Siemens’ Brownfield Connectivity Client (BFCClient) is the subject of a freshly republished advisory that bundles multiple OpenSSL-related flaws into a single operational risk for industrial environments—vulnerabilities that can be remotely triggered, permit memory disclosure or application...

Microsoft’s security advisory for CVE-2025-50157 identifies a Windows Routing and Remote Access Service (RRAS) flaw — described as the “use of an uninitialized resource” — that can allow an attacker to disclose sensitive information over a network; Microsoft has published an update and is urging...

Title: CVE-2025-53153 — Windows RRAS "Uninitialized Resource" Information-Disclosure: What admins need to know and do now Summary CVE-2025-53153 is an information-disclosure vulnerability in Microsoft’s Routing and Remote Access Service (RRAS). According to Microsoft, the issue stems from the...