PULSE
LIVE18signals / 24h
FEED
ransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturing
← All CVEs
CVE WatchJul 15, 2026

CVE-2026-50657

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose informatio

CVSS

4.7

Medium

EPSS

0.4%

p33

KEV

Exploit Today

10

0-100

Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-359

EPSS · 30d
0.4%EPSS · 30 days0.4%
2026-07-152026-07-17
Technical description

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-342267.5 HIG
36.9%
11Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used. This can leak cookies from origin A to destination B. Version 20.8.9 fixes the issue.3d
CVE-2025-658577.5 HIG
29.6%
9An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.13d
CVE-2026-623287.5 HIG
29.3%
99Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware.2d
CVE-2026-561247.5 HIG
28.8%
9phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.3d
CVE-2026-579606.5 MED
26.1%
8Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the short_id can call GET /api/public/check-in-lists/{short_id}/attendees to read attendee data and create or delete check-in records without authentication.3d
CVE-2026-582977.1 HIG
22.9%
7Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.11d