CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,085 vulnerabilities with CWE-200
CVE-2026-1867 MEDIUM
Guest Posting Plugin <5.0.6 - Info Disclosure
CVSS 5.9
CVE-2026-31837 HIGH
Istio <1.29.1/1.28.5/1.27.8 - Auth Bypass
CVSS 7.5
CVE-2026-30933 HIGH
FileBrowser Quantum <1.3.1-beta/1.2.2-stable - Info Disclosure
CVSS 7.5
CVE-2026-30928 HIGH
Glances < 4.5.1 - Unauthenticated Sensitive Information Exposure via API Config Endpoint
CVSS 7.5
CVE-2026-25186 MEDIUM
Windows Accessibility Infrastructure - Info Disclosure
CVSS 5.5
CVE-2026-25185 MEDIUM
Windows Shell Link Processing - Info Disclosure
CVSS 5.3
CVE-2026-30852 HIGH
Caddy 2.7.5-2.11.2 - Info Disclosure
CVSS 7.5
CVE-2026-29787 MEDIUM
mcp-memory-service <10.21.0 - Info Disclosure
CVSS 5.3
CVE-2026-29779 HIGH
UptimeFlare <377a596 - Info Disclosure
CVSS 7.5
CVE-2026-30829 MEDIUM
bluewavelabs/checkmate < 3.4.0 - Unauthenticated Exposure of Sensitive Information via Status Page API
CVSS 5.3
CVE-2026-27796 MEDIUM
homarr < 1.54.0 - Unauthenticated Sensitive Information Exposure via tRPC Integration Endpoint
CVSS 5.3
CVE-2026-30244 HIGH
Plane < 1.2.2 - Unauthenticated Sensitive Information Disclosure via Django REST Framework Permission Misconfiguration
CVSS 7.5
CVE-2026-30233 MEDIUM
olivetin < 3000.11.1 - Authenticated Information Disclosure via Dashboard and API Endpoints
CVSS 6.5
CVE-2026-30847 MEDIUM
Wekan 8.31.0-8.33 - Info Disclosure
CVSS 6.5
CVE-2026-30846 HIGH
Wekan 8.31.0-8.33 - Info Disclosure
CVSS 7.5
CVE-2026-30845 HIGH
Wekan 8.31.0-8.33 - Info Disclosure
CVSS 8.2
CVE-2026-28682 MEDIUM
Gokapi < 2.2.3 - Authenticated Improper Access Control via Upload Status SSE
CVSS 6.4
CVE-2026-28675 MEDIUM
OpenSift <1.6.3-alpha - Info Disclosure
CVSS 5.3
CVE-2026-2589 MEDIUM
Greenshift Plugin <12.8.3 - Info Disclosure
CVSS 5.3
CVE-2026-28492 MEDIUM
File Browser <2.61.0 - Path Traversal
CVSS 6.5
CVE-2026-28434 MEDIUM
cpp-httplib <0.35.0 - Info Disclosure
CVSS 5.3
CVE-2026-3058 MEDIUM
Seraphinite Accelerator <2.28.14 - Info Disclosure
CVSS 4.3
CVE-2026-2747 HIGH
SEPPmail Secure Email Gateway <15.0.1 - Info Disclosure
CVSS 7.5
CVE-2026-2025 HIGH
Mail Mint WordPress Plugin <1.19.5 - Info Disclosure
CVSS 7.5
CVE-2026-1980 MEDIUM
WPBookit Plugin for WordPress <=1.0.8 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities 10,085
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits