CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

9,867 vulnerabilities with CWE-200
CVE-2026-22015 MEDIUM
Oracle MySQL Server 8.0.0-8.0.45 - Info Disclosure
CVSS 4.3
CVE-2026-22007 LOW
Oracle Java SE 8u481 - Vulnerability
CVSS 2.9
CVE-2026-22006 MEDIUM
Oracle PeopleSoft HCM HR 9.2 - RCE
CVSS 5.4
CVE-2026-22001 LOW
MySQL Server 8.0.0-8.0.45 - Info Disclosure
CVSS 2.7
CVE-2026-21999 MEDIUM
Oracle Database Server 23.4.0-23.26.1 - Info Disclosure
CVSS 5.3
CVE-2026-40908 MEDIUM
WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version
CVSS 5.3
CVE-2026-40885 HIGH
goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
CVSS 8.8
CVE-2026-41183 MEDIUM
FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations
CVSS 4.3
CVE-2026-40584 HIGH
RansomLook - Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure
CVSS 7.5
CVE-2026-40498 CRITICAL
FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron
CVSS 9.8
CVE-2026-6782 HIGH
Information disclosure in the IP Protection component
CVSS 7.5
CVE-2026-6770 MEDIUM
Other issue in the Storage: IndexedDB component
CVSS 6.5
CVE-2026-6756 HIGH
Mitigation bypass in Firefox for Android
CVSS 7.5
CVE-2026-34839 MEDIUM
Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
CVSS 6.5
CVE-2026-22051 LOW
Netapp StorageGRID (formerly StorageGRID Webscale) < 11.9.0.13 - Information Disclosure
CVE-2026-40490 MEDIUM
AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
CVSS 6.8
CVE-2026-2262 HIGH
Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
CVSS 7.5
CVE-2026-40293 MEDIUM
OpenFGA Playground Preshared Key Exposure
CVSS 6.5
CVE-2026-6492 MEDIUM
arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
CVSS 5.3
CVE-2026-23777 MEDIUM
Dell PowerProtect Data Domain < 8.6.0.0 or later - Information Exposure
CVSS 4.3
CVE-2026-40245 HIGH
Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
CVSS 7.5
CVE-2026-40173 CRITICAL
Dgraph: Unauthenticated pprof endpoint leaks admin auth token
CVSS 9.4
CVE-2026-39857 MEDIUM
Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions
CVSS 5.3
CVE-2026-33888 MEDIUM
ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API
CVSS 5.3
CVE-2026-34244 MEDIUM
Weblate: SSRF via Project-Level Machinery Configuration
CVSS 5.0