CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,085 vulnerabilities with CWE-200
CVE-2026-1556 MEDIUM
Information disclosure via file URI overwrite in File (Field) Paths
CVSS 6.5
CVE-2026-4823 LOW
Enter Software Iperius Backup NTLM2 information disclosure
CVSS 2.5
CVE-2026-28878 MEDIUM
iOS and iPadOS < 18.7.7 - Unauthorized App Enumeration
CVSS 6.5
CVE-2026-28877 MEDIUM
iOS/iPadOS <18.7.9, macOS <15.7.5/<14.8.5, visionOS/watchOS <26.4 - Sensitive Data Exposure
CVSS 5.5
CVE-2026-28820 MEDIUM
macOS < 26.4 - Unprotected User Data Exposure
CVSS 5.3
CVE-2026-33353 MEDIUM
Soft Serve: Authenticated repo import can clone server-local private repositories
CVSS 6.5
CVE-2026-33627 MEDIUM
Parse Server: Auth data exposed via /users/me endpoint
CVSS 6.5
CVE-2026-33161 MEDIUM
Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users
CVSS 4.3
CVE-2026-33677 MEDIUM
Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
CVSS 6.5
CVE-2026-4712 HIGH
Information disclosure in the Widget: Cocoa component
CVSS 7.5
CVE-2026-4733 MEDIUM
Information disclosure in ixray-1.6-stcop
CVSS 5.3
CVE-2026-23486 MEDIUM
Blinko: Unauthorized User Information Leak
CVSS 5.3
CVE-2026-27131 MEDIUM
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
CVSS 5.5
CVE-2026-33422 LOW
Discourse exposes ip_address of flagged user
CVSS 3.5
CVE-2026-33180 HIGH
HAPI FHIR HTTP authentication leak in redirects
CVSS 7.5
CVE-2026-33041 MEDIUM
AVideo <26.0 encryptPass.json.php - Password Hash Oracle
CVSS 5.3
CVE-2026-32938 CRITICAL
SiYuan <3.6.1 Desktop Publish Service - Arbitrary File Read
CVSS 9.9
CVE-2026-32890 CRITICAL
Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config
CVSS 9.6
CVE-2026-31869 MEDIUM
Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check
CVSS 4.3
CVE-2026-30891 MEDIUM
Discourse has Unauthorized Exposure of Private User Action Types
CVSS 6.5
CVE-2026-29108 MEDIUM
Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User
CVSS 6.5
CVE-2026-33394 LOW
Discourse leaks PM post edits to moderators
CVSS 2.7
CVE-2026-33355 MEDIUM
Discourse filters whisper posts from private-posts feed
CVSS 6.5
CVE-2026-32099 MEDIUM
Discourse prevents hidden profile data leak via user onebox
CVSS 4.3
CVE-2026-32002 MEDIUM
OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass
CVSS 5.3