Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-55051

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Jul, 2026 | 17:08
Updated At-17 Jul, 2026 | 21:32
Rejected At-
Credits

Microsoft SharePoint Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Jul, 2026 | 17:08
Updated At:17 Jul, 2026 | 21:32
Rejected At:
â–¼CVE Numbering Authority (CNA)
Microsoft SharePoint Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Enterprise Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.5561.1001 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.10417.20175 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Server Subscription Edition
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.19725.20434 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918: Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55051
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55051
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Jul, 2026 | 18:18
Updated At:16 Jul, 2026 | 14:26

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Microsoft Corporation
microsoft
>>sharepoint_server>>Versions before 16.0.19725.20434(exclusive)
cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2016
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2019
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Secondarysecure@microsoft.com
CWE ID: CWE-918
Type: Secondary
Source: secure@microsoft.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55051secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55051
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

377Records found

CVE-2023-24954
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.79% / 75.86%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2sharepoint_serverwindows_10_22h2windows_server_2022sharepoint_enterprise_serverwindows_10_20h2windows_11_22h2windows_10_1607Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-45501
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.82%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:04
Updated-15 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverexchange_server_subscription_editionMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-21385
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.44% / 97.63%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 22:07
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Information Disclosure Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42343
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.36% / 68.70%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-23 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign Classic (ACC)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-45503
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.45% / 36.68%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:04
Updated-15 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverexchange_server_subscription_editionMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38206
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-12.34% / 95.75%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 21:38
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Copilot Studio Information Disclosure Vulnerability

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-copilot_studioMicrosoft Copilot Studio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-21512
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 57.59%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure DevOps Server Cross-Site Scripting Vulnerability

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverAzure DevOps Server 2022
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20483
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.92% / 56.15%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20480
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.30% / 67.20%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 12:20
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-22042
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.51% / 83.01%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Windows Hyper-V Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2025-53781
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-1.12% / 62.63%
||
7 Day CHG+0.08%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Virtual Machines Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-ecedsv5-series_azure_vmdcesv6-series_azure_vmecadsv5-series_azure_vm_firmwareecesv5-series_azure_vmecasv5-series_azure_vmecesv6-series_azure_vm_firmwarenccadsh100v5-series_azure_vmecesv6-series_azure_vmecesv5-series_azure_vm_firmwaredcedsv5-series_azure_vmdcadsv5-series_azure_vmdcasv5-series_azure_vmdcesv5-series_azure_vm_firmwaredcasv5-series_azure_vm_firmwaredcesv5-series_azure_vmdcadsv5-series_azure_vm_firmwaredcedsv5-series_azure_vm_firmwareecedsv5-series_azure_vm_firmwareecadsv5-series_azure_vmnccadsh100v5-series_azure_vm_firmwareecasv5-series_azure_vm_firmwaredcesv6-series_azure_vm_firmwareECesv5-series Azure VMECedsv5-series Azure VMECadsv5-series Azure VMDCesv5-series - Azure VMDCesv6-series Azure VMDCasv5-series Azure VMNCCadsH100v5-series Azure VMEcesv6-series Azure VMDCadsv5-series Azure VMECasv5-series Azure VMDCedsv5-series Azure VM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-36013
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.44% / 70.15%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 16:02
Updated-09 Oct, 2025 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerShell Information Disclosure Vulnerability

PowerShell Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-powershellPowerShell 7.2PowerShell 7.4PowerShell 7.3
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-35316
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.55%
||
7 Day CHG+0.18%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Information Disclosure Vulnerability

Remote Procedure Call Runtime Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0637
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.03% / 91.31%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server
CVE-2025-52450
Matching Score-8
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-8
Assigner-Salesforce, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 30.12%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 20:18
Updated-31 Oct, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Action-Not Available
Vendor-tableauSalesforceLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowstableau_serverTableau Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-32042
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.34% / 68.18%
||
7 Day CHG+0.16%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OLE Automation Information Disclosure Vulnerability

OLE Automation Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-29256
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.85% / 53.97%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:27
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 information disclosure

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-5808
Matching Score-8
Assigner-Hitachi Vantara
ShareView Details
Matching Score-8
Assigner-Hitachi Vantara
CVSS Score-7.6||HIGH
EPSS-0.54% / 42.01%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 23:53
Updated-28 Aug, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

Action-Not Available
Vendor-Hitachi Vantara LLCHitachi, Ltd.Microsoft Corporation
Product-windowsvantara_hitachi_network_attached_storageSystem Management Unit (SMU)system_management_unit
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2025-50166
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 67.00%
||
7 Day CHG+0.09%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-24866
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.53% / 71.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-24890
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.21% / 64.84%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveOneDrive for iOS
CWE ID-CWE-1390
Weak Authentication
CVE-2023-24950
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-67.45% / 99.23%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24865
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.53% / 71.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24857
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.67%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-126
Buffer Over-read
CVE-2023-24906
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.67%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-24922
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.67%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0Microsoft Dynamics 365 (on-premises) version 9.1
CWE ID-CWE-643
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CVE-2023-24870
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.67%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-24883
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.67%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-126
Buffer Over-read
CVE-2023-23838
Matching Score-8
Assigner-SolarWinds
ShareView Details
Matching Score-8
Assigner-SolarWinds
CVSS Score-6.5||MEDIUM
EPSS-1.27% / 66.60%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.Microsoft Corporation
Product-database_performance_analyzerwindowsDatabase Performance Analyzer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-23472
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.34% / 25.82%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 12:14
Updated-11 Mar, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixinfosphere_information_serverlinux_kernelwindowsInfoSphere Information Server
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2023-22268
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.21% / 64.87%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 12:52
Updated-04 Sep, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-robohelp_serverwindowsRoboHelp
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-19362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.08% / 79.40%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 02:52
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

Action-Not Available
Vendor-n/aMicrosoft CorporationTeamViewer
Product-windowsteamviewern/a
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2025-47995
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.14%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 17:04
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Machine Learning Elevation of Privilege Vulnerability

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-1390
Weak Authentication
CVE-2023-23382
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.12% / 86.34%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-01 Jan, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Machine Learning Compute Instance Information Disclosure Vulnerability

Azure Machine Learning Compute Instance Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CVE-2025-47997
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.77% / 51.32%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Information Disclosure Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2017sql_server_2016sql_server_2019sql_server_2022Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2022 (CU 20)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-33783
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.58% / 83.48%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Information Disclosure Vulnerability

Windows SMB Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2019-1487
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.27% / 89.97%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-authentication_libraryMicrosoft Authentication Library (MSAL) for Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1376
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.03% / 91.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-36372
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 22.24%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:03
Updated-02 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.

Action-Not Available
Vendor-opengroupIBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindowsdb2unixDb2
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2022-45052
Matching Score-8
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-8
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-8.8||HIGH
EPSS-0.72% / 49.74%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 18:11
Updated-11 Mar, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local File Inclusion in Axiell Iguana CMS

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.

Action-Not Available
Vendor-axiellAxiellMicrosoft CorporationLinux Kernel Organization, Inc
Product-iguanalinux_kernelwindowsIguana
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-4554
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.9||MEDIUM
EPSS-0.43% / 35.29%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 20:56
Updated-29 May, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML External Entity (XXE) Processing

Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationOpen Text Corporation
Product-appbuilderwindowslinux_kernelAppBuilder
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-4595
Matching Score-8
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-8
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.68%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 12:38
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Action-Not Available
Vendor-seattlelabBVRP SoftwareMicrosoft Corporation
Product-windowsslmailSLmail
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2021-28442
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.49% / 93.00%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Information Disclosure Vulnerability

Windows TCP/IP Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2025-27738
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.17% / 86.58%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Information Disclosure Vulnerability

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2019-0588
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.63% / 90.67%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-28328
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.49% / 82.88%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-19 Nov, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Information Disclosure Vulnerability

Windows DNS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2019-0703
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-9.64% / 94.95%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:41
Updated-29 Oct, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_10_1709windows_10_1507windows_server_2012windows_server_1803windows_server_2008windows_10_1703windows_10_1607windows_server_1709windows_10_1809windows_server_2019windows_rt_8.1windows_8.1windows_server_2016windows_10_1803WindowsWindows ServerWindows
CVE-2021-28323
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.32% / 90.08%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Information Disclosure Vulnerability

Windows DNS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2026-57982
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.95% / 57.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:09
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows 10 Version 1607Windows Server 2012 R2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012Windows 11 Version 25H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2016Windows 11 version 26H1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-56185
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 45.56%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:05
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Admin Center Information Disclosure Vulnerability

Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Admin Center
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found