Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28303

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-13 Jun, 2023 | 16:24
Updated At-01 Jan, 2025 | 00:47
Rejected At-
Credits

Windows Snipping Tool Information Disclosure Vulnerability

Windows Snipping Tool Information Disclosure Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:13 Jun, 2023 | 16:24
Updated At:01 Jan, 2025 | 00:47
Rejected At:
â–¼CVE Numbering Authority (CNA)
Windows Snipping Tool Information Disclosure Vulnerability

Windows Snipping Tool Information Disclosure Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Snipping Tool
Platforms
  • Unknown
Versions
Affected
  • From 11.0.0 before 11.2302.20.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Snip & Sketch for Windows 10
Platforms
  • Unknown
Versions
Affected
  • From 9.0 before 10.2008.3001.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-359CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-359
Description: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
Resource:
vendor-advisory
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:13 Jun, 2023 | 17:15
Updated At:29 May, 2024 | 04:15

Windows Snipping Tool Information Disclosure Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>snip_\&_sketch>>Versions from 9.0(inclusive) to 10.2008.3001.0(exclusive)
cpe:2.3:a:microsoft:snip_\&_sketch:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>snipping_tool>>Versions from 11.0.0(inclusive) to 11.2302.20.0(exclusive)
cpe:2.3:a:microsoft:snipping_tool:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-359Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-359
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

130Records found
CVE-2021-43030
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.45% / 63.03%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-45051
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.37% / 84.63%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:04
Updated-23 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-416
Use After Free
CVE-2021-40766
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.29% / 84.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowscharacter_animatormacosCharacter Animator (Preview 4)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-44715
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.15% / 83.87%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Out-of-Bounds Read Information Disclosure Vulnerability

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-44189
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.03% / 8.87%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 13:05
Updated-27 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosafter_effectsAfter Effects
CWE ID-CWE-416
Use After Free
CVE-2021-40729
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.55% / 67.31%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 14:21
Updated-23 Apr, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC PDF Out-of-Bound Read Vulnerability Information Disclosure

Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39844
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.71% / 71.78%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader CalRGB Out-of-Bounds Read Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20834
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 26.32%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Spoofing Vulnerability

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_server_2008windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE ID-CWE-36
Absolute Path Traversal
CVE-2023-48680
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.13% / 32.45%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 16:51
Updated-06 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAcronis (Acronis International GmbH)
Product-macoswindowscyber_protectAcronis Cyber Protect 16
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2021-28559
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.86% / 74.63%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:08
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global variables and objects.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-44213
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 21:56
Updated-10 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsagentAcronis Cyber Protect Cloud AgentAcronis Cyber Protect 16
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-44156
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-5.7||MEDIUM
EPSS-0.24% / 46.19%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 12:01
Updated-23 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-53950
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 5.30%
||
7 Day CHG+0.01%
Published-16 Oct, 2025 | 14:00
Updated-14 Jan, 2026 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Fortinet, Inc.
Product-macoswindowsfortidlp_agentFortiDLP
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-53765
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Stack Hub Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_app_service_on_azure_stackazure_stack_hubAzure Stack Hub
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-6053
Matching Score-6
Assigner-TeamViewer Germany GmbH
ShareView Details
Matching Score-6
Assigner-TeamViewer Germany GmbH
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.71%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 16:30
Updated-19 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in the clipboard synchronization feature

Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationTeamViewerLinux Kernel Organization, Inc
Product-meetinglinux_kernelteamviewerwindowsmacosMeetingRemote Full Client
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-0102
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-Not Assigned
Published-17 Feb, 2026 | 19:14
Updated-17 Feb, 2026 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-49025
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.30%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 19:49
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-41780
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.06% / 19.18%
||
7 Day CHG+0.03%
Published-03 Jan, 2025 | 14:38
Updated-21 Mar, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Jazz Foundation information disclosure

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kerneljazz_foundationwindowsJazz Foundation
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-38103
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.20% / 78.57%
||
7 Day CHG~0.00%
Published-25 Jul, 2024 | 21:33
Updated-09 Dec, 2025 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-49715
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.32%
||
7 Day CHG+0.02%
Published-20 Jun, 2025 | 01:04
Updated-13 Feb, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Dynamics 365 FastTrack Implementation
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-29987
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 18:59
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-30056
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-9.71% / 92.75%
||
7 Day CHG~0.00%
Published-25 May, 2024 | 17:12
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-29986
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 18:59
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-androidedge_chromiumMicrosoft Edge (Chromium-based)edge_chromium
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-26192
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 22:16
Updated-03 May, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-36018
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.61% / 81.40%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-09 Oct, 2025 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Jupyter Extension Spoofing Vulnerability

Visual Studio Code Jupyter Extension Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-jupyterJupyter Extension for Visual Studio Code
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-36052
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.40% / 59.89%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CLI REST Command Information Disclosure Vulnerability

Azure CLI REST Command Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_command-line_interfaceAzure Function AppAzure Logic AppAzure App Service
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-42830
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosiOS and iPadOSmacOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-43301
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.01% / 0.71%
||
7 Day CHG-0.01%
Published-15 Sep, 2025 | 22:34
Updated-04 Nov, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access contact info related to notifications in Notification Center.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-43357
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG-0.01%
Published-15 Sep, 2025 | 22:35
Updated-04 Nov, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 26 and iPadOS 26. An app may be able to fingerprint the user.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacosiOS and iPadOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-23211
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 00:25
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.

Action-Not Available
Vendor-Apple Inc.
Product-watchosipadosmacossafariiphone_osSafariwatchOSiOS and iPadOSmacOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found