CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

9,867 vulnerabilities with CWE-200
CVE-2026-7382 MEDIUM
Information Disclosure in MeWare Software's PDKS
CVSS 6.5
CVE-2026-7381 ANALYSIS PENDING
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting
CVE-2026-7071 MEDIUM
CodeAstro Online Job Portal user-cvs file information disclosure
CVSS 5.3
CVE-2026-7041 LOW
666ghj MiroFish Werkzeug Debugger PIN console information disclosure
CVSS 3.7
CVE-2026-7021 LOW
SmythOS sre Connector Service utils.ts information disclosure
CVSS 3.5
CVE-2026-41492 CRITICAL
Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph
CVSS 9.8
CVE-2026-41079 MEDIUM
OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
CVSS 4.3
CVE-2026-21515 CRITICAL
Azure IoT Central Elevation of Privilege Vulnerability
CVSS 9.9
CVE-2026-41323 HIGH
Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
CVSS 8.1
CVE-2026-41278 HIGH
Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
CVE-2026-41266 HIGH
Flowise: Sensitive Data Leak in public-chatbotConfig
CVSS 7.5
CVE-2026-4106 MEDIUM
HT Mega < 3.0.7 – Unauthenticated PII Disclosure
CVSS 5.3
CVE-2026-41182 MEDIUM
LangSmith SDK: Streaming token events bypass output redaction
CVSS 5.3
CVE-2026-4126 MEDIUM
Table Manager <= 1.0.0 - Authenticated (Contributor+) Sensitive Information Exposure via 'table' Shortcode Attribute
CVSS 4.3
CVE-2026-6392 LOW
Tanium addressed an information disclosure vulnerability in Threat Response.
CVSS 2.7
CVE-2026-40895 HIGH
follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets
CVSS 7.5
CVE-2026-34318 MEDIUM
Oracle MySQL Shell 8.0.0-8.0.45 - Privilege Escalation
CVSS 5.8
CVE-2026-34313 MEDIUM
Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9 - Info Disclosure
CVSS 6.5
CVE-2026-34305 HIGH
Oracle WebLogic Server 12.2.1.4.0 - Info Disclosure
CVSS 7.5
CVE-2026-34300 MEDIUM
Oracle PeopleSoft Enterprise FIN Contracts 9.2 - Info Disclosure
CVSS 6.5
CVE-2026-34297 HIGH
Oracle HCM Common Architecture 12.2.3-12.2.15 - Info Disclosure
CVSS 7.5
CVE-2026-34296 MEDIUM
Oracle Agile PLM for Process 6.2.4 - Info Disclosure
CVSS 4.3
CVE-2026-34273 MEDIUM
Oracle GoldenGate 23.4-23.10 - Info Disclosure
CVSS 5.3
CVE-2026-34268 LOW
Oracle Java SE 8u481 - Vuln
CVSS 2.9
CVE-2026-22016 HIGH
Oracle Java SE 8u481 - RCE
CVSS 7.5