CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-41745 MEDIUM
Acronis Agent and Cyber Protect - Exposure of Sensitive Information via Excessive System Data Collection
CVSS 5.5
CVE-2023-0238 LOW
WARP Mobile Client <=6.29 - Code Injection
CVSS 3.9
CVE-2023-24959 MEDIUM
IBM InfoSphere Information Server 11.7.0.0-11.7.1.0 and 11.7.0.0-11.7.1.4 - Exposure of Sensitive Information
CVSS 5.3
CVE-2023-39289 HIGH
Mitel MiVoice Connect <= 9.6.2208.101 - Unauthenticated Account Enumeration via Connect Mobility Router
CVSS 7.5
CVE-2023-40580 HIGH
stellar/freighter < 5.3.1 - Unauthorized Exposure of Recovery Mnemonic Phrase
CVSS 8.1
CVE-2023-39519 HIGH
fit2cloud cloudexplorer_lite < 1.4.0 - Exposure of Sensitive Information via User Information Acquisition
CVSS 7.5
CVE-2023-3705 HIGH
CP-Plus NVR Firmware < b3223p22c02424 - Unauthenticated Sensitive Information Disclosure via Web Interface
CVSS 7.5
CVE-2023-4230 MEDIUM
ioLogik 4000 Series <v1.6 - Info Disclosure
CVSS 5.3
CVE-2023-37379 HIGH
Apache Airflow < 2.7.0 - Authenticated Denial of Service via Connection Test Feature
CVSS 8.1
CVE-2023-25913 HIGH
Danfoss AK-SM 800A Firmware < 3.3 - Improper Authentication
CVSS 7.5
CVE-2023-38158 LOW
Microsoft Edge Chromium < 116.0.1938.54 - Information Disclosure
CVSS 3.1
CVE-2023-40735 HIGH
BUTTERFLY BUTTON < 2023-08-21 - Exposure of Sensitive Information via Architecture Flaw
CVSS 7.5
CVE-2023-39974 MEDIUM
AcyMailing 6.7.0-8.7.0 - Unauthenticated Exposure of Sensitive Information via Subscriber List Query
CVSS 5.3
CVE-2023-40348 MEDIUM
Jenkins Gogs Plugin < 1.0.15 - Unauthenticated Job Existence Exposure via Webhook Endpoint
CVSS 5.3
CVE-2023-32495 HIGH
Dell PowerScale OneFS 9.2.1.0-9.2.1.21 and 9.5.0.0-9.5.0.2 - Authenticated Information Disclosure
CVSS 7.8
CVE-2023-2916 HIGH
InfiniteWP Client <= 1.11.1 - Authenticated Sensitive Information Exposure via admin_notice Function
CVSS 7.5
CVE-2023-21267 MEDIUM
Android - Local Information Disclosure via KeyguardViewMediator Logic Error
CVSS 5.5
CVE-2023-40023 MEDIUM
yaklang < 1.2.4-sp1 - Local File Inclusion
CVSS 6.5
CVE-2023-39393 HIGH
Huawei EMUI and HarmonyOS - Insecure Signature Validation in ServiceWifiResources
CVSS 7.5
CVE-2023-39383 HIGH
Huawei EMUI and HarmonyOS - Exposure of Sensitive Information via AMS Module Input Parameter
CVSS 7.5
CVE-2023-29500 MEDIUM
Intel NUC 11 Performance Kit and Mini PC Firmware - Information Disclosure via Local Access
CVSS 5.3
CVE-2023-32561 HIGH
Ivanti Avalanche < 6.4.1 - Exposure of Sensitive Information Leading to Authentication Bypass
CVSS 7.5
CVE-2023-38245 MEDIUM
Adobe Acrobat Reader <23.003.20244 & <20.005.30467 - Info Disclosure
CVSS 5.5
CVE-2023-39951 MEDIUM
OpenTelemetry Java < 1.28.0 - Sensitive Email Content Exposure via AWS SES v1
CVSS 6.5
CVE-2023-36908 MEDIUM
Windows 10, 11, Server 2008-2022 - Information Disclosure via Hyper-V
CVSS 6.5