CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,085 vulnerabilities with CWE-200
CVE-2026-25146 CRITICAL
OpenEMR 5.0.2-7.9.9 - Info Disclosure
CVSS 9.6
CVE-2026-0025 HIGH
Notification.java - Privilege Escalation
CVSS 8.4
CVE-2026-0005 MEDIUM
KeyguardServiceDelegate - Auth Bypass
CVSS 6.2
CVE-2026-28559 MEDIUM
wpForo Forum 2.4.14 - Info Disclosure
CVSS 5.3
CVE-2026-28415 MEDIUM
Gradio < 6.6.0 - Open Redirect via Unvalidated _target_url Parameter
CVSS 4.3
CVE-2026-24498 HIGH
IpTIME T5008/AX2004M/AX3000Q/AX6000M - Info Disclosure
CVSS 7.5
CVE-2026-28276 HIGH
Initiative <0.32.2 - Info Disclosure
CVSS 7.5
CVE-2026-28213 CRITICAL
evershop < 2.1.1 - Unauthenticated Account Takeover via Forgot Password Token Exposure
CVSS 9.8
CVE-2026-27457 MEDIUM
Weblate < 5.16.1 - Unauthorized Addon Information Exposure via REST API
CVSS 4.3
CVE-2026-27162 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
CVSS 4.9
CVE-2026-2244 HIGH
Google Cloud Vertex AI Workbench - Info Disclosure
CVE-2026-24487 MEDIUM
OpenEMR < 8.0.0 - Unauthenticated Authorization Bypass in FHIR CareTeam Endpoint
CVSS 6.5
CVE-2026-20133 MEDIUM KEV
Cisco Catalyst SD-WAN Manager - Info Disclosure
CVSS 6.5
CVE-2026-27611 MEDIUM
FileBrowser Quantum <1.1.3/1.2.6 - Auth Bypass
CVSS 6.5
CVE-2026-25135 MEDIUM
OpenEMR < 8.0.0 - Unauthorized Information Disclosure via System Export Operation
CVSS 4.5
CVE-2026-3131 MEDIUM
Devolutions Server <2025.3.14.0 - Auth Bypass
CVSS 6.5
CVE-2026-2803 HIGH
Firefox < 148.0 and Thunderbird < 148.0 - Information Disclosure via Settings UI Component
CVSS 7.5
CVE-2026-2783 HIGH
Firefox <148 & ESR <140.8 - Info Disclosure
CVSS 7.5
CVE-2026-23983 MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
CVSS 6.5
CVE-2026-2976 MEDIUM
FastApiAdmin <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2026-2975 MEDIUM
FastApiAdmin <2.2.0 - Info Disclosure
CVSS 5.3
CVE-2026-2894 MEDIUM
funadmin <7.1.0-rc4 - Info Disclosure
CVSS 5.3
CVE-2026-27467 LOW
BigBlueButton <=3.0.19 - Info Disclosure
CVSS 2.0
CVE-2026-27452 MEDIUM
ASN.1 TypeScript ESM <=11.0.5 - Info Disclosure
CVSS 5.3
CVE-2026-2861 MEDIUM
Foswiki < 2.1.11 - Exposure of Sensitive Information via Changes/Viewfile/Oops Component
CVSS 5.3