CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,081 vulnerabilities with CWE-200
CVE-2026-47165 MEDIUM
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
CVSS 4.1
CVE-2026-48855 MEDIUM
SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
CVSS 6.5
CVE-2026-45329 HIGH
Espressif ESP-IDF ESP-TEE Secure Services - TEE Memory Disclosure
CVSS 7.1
CVE-2026-36719 HIGH
AgentChat 2.3.0 - Unauthenticated Information Disclosure via User Info Endpoint
CVSS 7.5
CVE-2026-50508 MEDIUM
Microsoft Windows 10 Version 1607 - Windows NTLM Spoofing Vulnerability
CVSS 6.5
CVE-2026-47284 MEDIUM
Visual Studio Code Information Disclosure Vulnerability
CVSS 6.5
CVE-2026-45594 MEDIUM
Microsoft Windows 10 Version 1607 - Windows Application Identity (AppID) Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-42973 MEDIUM
Microsoft Windows 10 Version 1607 - Windows Push Notification Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-42972 MEDIUM
Microsoft Windows 10 Version 1607 - Windows Hyper-V Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-42971 MEDIUM
Microsoft Windows 10 Version 1607 - Windows Push Notification Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-42970 MEDIUM
Microsoft Windows 10 Version 1607 - Windows Push Notification Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-42907 MEDIUM
Microsoft Windows 10 Version 1809 - Windows Shell Information Disclosure Vulnerability
CVSS 6.5
CVE-2026-42906 MEDIUM
Microsoft Windows 10 Version 21H2 - Windows Shell Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-0411 MEDIUM
NETGEAR Orbi Satellites - Administrator Access Information Disclosure
CVE-2026-49742 HIGH
TYPO3 CMS - Broken Access Control in Media Module
CVE-2026-47351 MEDIUM
TYPO3 CMS - Broken Access Control in Clipboard
CVE-2026-7542 MEDIUM
Slider Revolution <= 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure
CVSS 6.5
CVE-2026-34905 MEDIUM
Apache Answer: Unlisted Questions Accessible via Direct API Access
CVSS 6.5
CVE-2026-41980 MEDIUM
Huawei HarmonyOS - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.5
CVE-2026-46443 MEDIUM
Flowise: Credential Data Leak
CVSS 6.5
CVE-2026-11464 LOW
JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure
CVSS 3.1
CVE-2026-11459 LOW
SecureAge CatchPulse IOCTL saappctl.sys information disclosure
CVSS 3.3
CVE-2026-11458 MEDIUM
erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
CVSS 5.3
CVE-2026-11431 HIGH
Path Traversal in Altium Projects Service Allows Arbitrary File Read
CVE-2026-11424 HIGH
Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure
Details
Vulnerabilities 10,081
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits