CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2021-20228 HIGH
Ansible Engine 2.9.18 - Exposure of Sensitive Information via Basic.py Module Sub-Option Feature
CVSS 7.5
CVE-2021-29483 CRITICAL
ManageWiki < 2021-04-28 - Exposure of Sensitive Information via Wikiconfig API
CVSS 9.4
CVE-2021-30169 MEDIUM
Meritlilin Webcam Devices - Information Disclosure
CVSS 5.3
CVE-2021-30168 CRITICAL
Meritlilin P2R/P2G Firmware < 7.1.94.8908 - Unauthenticated Credential Exposure
CVSS 9.8
CVE-2021-30638 HIGH
Apache Tapestry <5.6.3, <5.7.0-5.7.1 - Info Disclosure
CVSS 7.5
CVE-2021-31549 MEDIUM
MediaWiki < 1.35.2 - Exposure of Suppressed Usernames via AbuseFilter Examine Form
CVSS 4.3
CVE-2021-31547 MEDIUM
MediaWiki < 1.35.2 - Exposure of Sensitive Information via AbuseFilterCheckMatch API
CVSS 4.3
CVE-2021-31545 MEDIUM
MediaWiki < 1.35.2 - Exposure of Deleted Usernames via AbuseFilter page_recent_contributors
CVSS 5.3
CVE-2021-29450 MEDIUM
WordPress 4.7-5.7 - Authenticated Exposure of Sensitive Information via Editor Block
CVSS 6.5
CVE-2021-27850 CRITICAL
Apache Tapestry 5.4.0-5.6.2 and 5.7.0 - Unauthenticated Remote Code Execution via Asset File URL Blacklist Bypass
CVSS 9.8
CVE-2021-24227 HIGH
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
CVSS 7.5
CVE-2021-24226 HIGH
AccessAlly < 3.5.7 - Unauthenticated Sensitive Information Exposure via [accessally_order_form] Shortcode
CVSS 7.5
CVE-2021-25376 LOW
Samsung Email <6.1.41.0 - Info Disclosure
CVSS 3.1
CVE-2021-25375 MEDIUM
Samsung Email <6.1.41.0 - Info Disclosure
CVSS 6.5
CVE-2021-25364 MEDIUM
Secure Folder <SMR APR-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-25357 MEDIUM
Create Movie <SMR APR-2021 Release 1 - Info Disclosure
CVSS 5.6
CVE-2021-30156 MEDIUM
MediaWiki <1.35.2 - Info Disclosure
CVSS 4.3
CVE-2021-3413 MEDIUM
foreman_azurerm < 2.2.0 - Credential Exposure via API Output
CVSS 6.3
CVE-2021-1406 MEDIUM
Cisco Unified Communications Manager - Authenticated Exposure of Sensitive Information via Downloadable Files
CVSS 4.9
CVE-2021-24170 HIGH
User Profile Picture < 2.5.0 - Exposure of Sensitive Information via REST API get_users Endpoint
CVSS 7.5
CVE-2021-24167 HIGH
web-stat < 1.4.1 - Exposure of Sensitive Information via XMLHttpRequest to External Endpoint
CVSS 7.5
CVE-2021-24164 MEDIUM
Ninja Forms < 3.4.34.1 - Missing Authorization via OAuth Connection URL Retrieval
CVSS 4.3
CVE-2021-24163 HIGH
Ninja Forms < 3.4.34 - Missing Authorization via wp_ajax_ninja_forms_sendwp_remote_install_handler
CVSS 8.8
CVE-2021-21400 HIGH
wire-webapp < 2021-03-15-production.0 - Unauthenticated Exposure of Sensitive Information via App-Lock Passphrase Input
CVSS 7.1
CVE-2021-21421 HIGH
node-etsy-client < 0.3.0 - Sensitive Information Exposure via Error Message
CVSS 8.1