CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,086 vulnerabilities with CWE-200
CVE-2026-20612 MEDIUM
macOS < 14.8.4, < 15.7.4, < 26.3 - Unprotected User Data Exposure
CVSS 5.5
CVE-2026-20606 HIGH
macOS Tahoe <26.3 - Info Disclosure
CVSS 7.1
CVE-2026-1669 HIGH
Keras 3.0.0-3.13.1 - Arbitrary File Read via HDF5 External Dataset References
CVSS 7.5
CVE-2026-26014 MEDIUM
Pion DTLS 1.0.0-3.0.10 and 3.1.0 - Sensitive Information Exposure via Nonce Reuse
CVSS 5.9
CVE-2026-2317 MEDIUM
Google Chrome <145.0.7632.45 - Info Disclosure
CVSS 6.5
CVE-2026-2295 MEDIUM
WPZOOM Addons for Elementor <= 1.3.2 - Unauthenticated Sensitive Data Exposure
CVSS 5.3
CVE-2026-21260 HIGH
Microsoft Office Outlook - Info Disclosure
CVSS 7.5
CVE-2026-2268 HIGH
Ninja Forms <3.14.0 - Info Disclosure
CVSS 7.5
CVE-2026-24098 MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
CVSS 6.5
CVE-2026-2148 MEDIUM
Tenda AC21 16.03.08.16 - Information Disclosure via Web Management Interface
CVSS 5.3
CVE-2026-2147 MEDIUM
Tenda AC21 16.03.08.16 - Information Disclosure via Web Management Interface
CVSS 5.3
CVE-2026-2207 MEDIUM
Wekan < 8.21 - Information Disclosure in Activity Publication Handler
CVSS 5.3
CVE-2026-2205 MEDIUM
Wekan < 8.21 - Information Disclosure in Meteor Publication Handler
CVSS 4.3
CVE-2026-1727 CRITICAL
Google Cloud Gemini Enterprise < 12/12/2025 - Exposure of Sensitive Information via Predictable GCS Bucket Names
CVE-2026-25650 HIGH
mcp-salesforce-connector < 0.1.10 - Exposure of Sensitive Information via Arbitrary Attribute Access
CVSS 7.5
CVE-2026-2056 MEDIUM
D-Link DIR-605L/DIR-619L 2.06B01/2.13B01 - Info Disclosure
CVSS 5.3
CVE-2026-2055 MEDIUM
D-Link DIR-605L/DIR-619L 2.06B01/2.13B01 - Info Disclosure
CVSS 5.3
CVE-2026-2054 MEDIUM
D-Link DIR-605L/DIR-619L 2.06B01/2.13B01 - Info Disclosure
CVSS 5.3
CVE-2026-24916 MEDIUM
HarmonyOS - Identity Authentication Bypass in Window Module
CVSS 5.9
CVE-2026-21626 HIGH
Forum Post Custom Fields - Info Disclosure
CVSS 7.5
CVE-2026-21532 HIGH
Azure Functions - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 8.2
CVE-2026-25523 MEDIUM
OpenMage Magento-LTS < 20.16.1 - Admin URL Exposure via X-Original-Url Header
CVSS 5.3
CVE-2026-25475 MEDIUM
OpenClaw < 2026.1.30 - Unauthenticated Arbitrary File Read via MEDIA Path Traversal
CVSS 6.5
CVE-2026-20730 LOW
BIG-IP Edge Client - Info Disclosure
CVSS 3.3
CVE-2026-1371 MEDIUM
Tutor LMS < 3.9.5 - Authenticated Sensitive Information Exposure via ajax_coupon_details()
CVSS 5.3