CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,085 vulnerabilities with CWE-200
CVE-2026-23659 HIGH
Azure Data Factory Information Disclosure Vulnerability
CVSS 8.6
CVE-2026-32865 CRITICAL
OPEXUS eComplaint and eCase insecure password reset
CVSS 9.8
CVE-2026-2571 MEDIUM
Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter
CVSS 4.3
CVE-2026-33163 MEDIUM
Parse Server leaks protected fields via LiveQuery afterEvent trigger
CVSS 6.5
CVE-2026-32633 CRITICAL
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
CVSS 9.1
CVE-2026-33004 MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
CVSS 4.3
CVE-2026-32609 HIGH
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
CVSS 7.5
CVE-2026-32596 HIGH
Glances exposes the REST API without authentication
CVSS 7.5
CVE-2026-32266 LOW
Craft CMS Google Cloud Storage <2.2.1 - Bucket List Disclosure
CVE-2026-32265 MEDIUM
Amazon S3 for Craft CMS 2.0.2-2.2.4 - Bucket Listing Information Disclosure
CVE-2026-1267 MEDIUM
IBM Planning Analytics Information Disclosure
CVSS 6.5
CVE-2026-28506 MEDIUM
Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
CVSS 4.3
CVE-2026-4202 MEDIUM
Broken Access Control in extension "Redirect Tab"
CVSS 4.3
CVE-2026-4218 LOW
myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
CVSS 2.5
CVE-2026-2476 HIGH
MS Teams plugin sensitive config values not properly masked in support packets
CVSS 7.6
CVE-2026-22203 MEDIUM
wpDiscuz < 7.6.47 - Unauthenticated OAuth Secret Exposure via Options Export
CVSS 4.9
CVE-2026-32237 MEDIUM
Backstage plugin-scaffolder-backend 3.1.0-3.1.4 - Authenticated Exposure of Sensitive Information via Dry-Run API
CVSS 4.4
CVE-2026-32142 MEDIUM
Shopware <7.8.1/6.10.15 - Info Disclosure
CVSS 5.3
CVE-2026-32100 MEDIUM
Shopware <2.0.16/3.0.12/4.0.7 - Info Disclosure
CVSS 5.3
CVE-2026-29066 MEDIUM
ssw/tinacms/cli < 2.1.8 - Unauthenticated Arbitrary File Read via Vite Dev Server Misconfiguration
CVSS 6.2
CVE-2026-4040 LOW
OpenClaw <2026.2.17 - Info Disclosure
CVSS 3.3
CVE-2026-32098 HIGH
Parse Server <9.6.0-alpha.9/8.6.35 - Info Disclosure
CVSS 7.5
CVE-2026-32094 MEDIUM
Shescape <2.1.10 - Command Injection
CVSS 6.5
CVE-2026-20166 MEDIUM
Splunk Enterprise <10.2.1 - Info Disclosure
CVSS 5.4
CVE-2026-20164 MEDIUM
Splunk Enterprise <10.2.0 - Info Disclosure
CVSS 6.5