CWE-200
High likelihood
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,085 vulnerabilities with CWE-200
CVE-2026-5032
HIGH
W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
CVSS 7.5
CVE-2026-34518
MEDIUM
AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect
CVSS 5.3
CVE-2026-2696
MEDIUM
Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure
CVSS 5.3
CVE-2026-5291
MEDIUM
Google Chrome <146.0.7680.178 - Info Disclosure
CVSS 6.5
CVE-2026-3774
MEDIUM
Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
CVSS 4.7
CVE-2026-34215
MEDIUM
Parse Server: Auth data exposed via verify password endpoint
CVSS 6.5
CVE-2026-33300
MEDIUM
Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint
CVSS 6.5
CVE-2026-33073
MEDIUM
discourse-subscriptions plugin leaking stripe API key in multisite environment
CVSS 5.3
CVE-2026-32951
MEDIUM
Discourse: Authorization bypass in oneboxer via user-controlled category id
CVSS 4.3
CVE-2026-32620
MEDIUM
Discourse: Missing post-level authorization allows whisper metadata disclosure
CVSS 4.3
CVE-2026-32618
MEDIUM
Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id
CVSS 4.3
CVE-2026-32143
MEDIUM
Discourse: Admin-only report can be exported by moderators
CVSS 6.5
CVE-2026-4020
HIGH
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
CVSS 7.5
CVE-2026-29872
HIGH
awesome-llm-apps e46690f - Info Disclosure
CVSS 8.2
CVE-2026-34472
HIGH
ZTE ZXHN H188A V6.0.10P2_TE/V6.0.10P3N3_TE - Info Disclosure
CVSS 7.1
CVE-2026-5003
MEDIUM
PromtEngineer localGPT Web api_server.py handle_index information disclosure
CVSS 5.3
CVE-2026-4994
LOW
wandb OpenUI APIStatusError server.py generic_exception_handler information exposure
CVSS 3.5
CVE-2026-1307
MEDIUM
Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token
CVSS 6.5
CVE-2026-33981
MEDIUM
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
CVSS 6.5
CVE-2026-33886
MEDIUM
Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields
CVSS 6.5
CVE-2026-33882
MEDIUM
Statamic's Markdown preview endpoint exposes sensitive user data
CVSS 6.5
CVE-2026-31951
MEDIUM
LibreChat's MCP Server Header Injection Enables OAuth Token Theft
CVSS 6.8
CVE-2026-4957
LOW
OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file
CVSS 2.7
CVE-2026-33761
MEDIUM
AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings
CVSS 5.3
CVE-2026-33745
HIGH
cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect
CVSS 7.4
Details
Vulnerabilities: 10,085
Exploit Likelihood: High