CWE-200
High likelihood
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,081 vulnerabilities with CWE-200
CVE-2026-22015
MEDIUM
Oracle MySQL Server 8.0.0-8.0.45 - Info Disclosure
CVSS 4.3
CVE-2026-22007
LOW
Oracle Java SE and GraalVM Security Component - Information Disclosure
CVSS 2.9
CVE-2026-22006
MEDIUM
Oracle PeopleSoft HCM Human Resources 9.2 - Unauthorized Data Access
CVSS 5.4
CVE-2026-22001
LOW
MySQL Server 8.0.0-8.0.45 - Info Disclosure
CVSS 2.7
CVE-2026-21999
MEDIUM
Oracle Database Server 23.4.0-23.26.1 - Info Disclosure
CVSS 5.3
CVE-2026-40908
MEDIUM
AVideo <=29.0 git.json.php - Unauthenticated Information Disclosure
CVSS 5.3
CVE-2026-40885
HIGH
goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
CVSS 8.8
CVE-2026-41183
MEDIUM
FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations
CVSS 4.3
CVE-2026-40584
HIGH
RansomLook - Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure
CVSS 7.5
CVE-2026-40498
CRITICAL
FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron
CVSS 9.8
CVE-2026-6782
HIGH
Information disclosure in the IP Protection component
CVSS 7.5
CVE-2026-6770
MEDIUM
Mozilla Firefox and Thunderbird 140.10 and 150 - IndexedDB Information Disclosure
CVSS 6.5
CVE-2026-6756
HIGH
Mitigation bypass in Firefox for Android
CVSS 7.5
CVE-2026-31370
MEDIUM
Honor E - Information Disclosure
CVSS 6.3
CVE-2026-34839
MEDIUM
Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
CVSS 6.5
CVE-2026-22051
LOW
NetApp StorageGRID (formerly StorageGRID Webscale) < 11.9.0.13 - Information Disclosure
CVE-2026-40490
MEDIUM
AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
CVSS 6.8
CVE-2026-2262
HIGH
Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
CVSS 7.5
CVE-2026-40293
MEDIUM
OpenFGA Playground Preshared Key Exposure
CVSS 6.5
CVE-2026-6492
MEDIUM
arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
CVSS 5.3
CVE-2026-23777
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.5.0.0, 8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.50 - Exposure of Sensitive Information
CVSS 4.3
CVE-2026-40245
HIGH
Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
CVSS 7.5
CVE-2026-40173
CRITICAL
Dgraph: Unauthenticated pprof endpoint leaks admin auth token
CVSS 9.4
CVE-2026-39857
MEDIUM
Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions
CVSS 5.3
CVE-2026-33888
MEDIUM
ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API
CVSS 5.3
Details
Vulnerabilities: 10,081
Exploit Likelihood: High