CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,086 vulnerabilities with CWE-200
CVE-2026-0950 MEDIUM
Spectra Gutenberg Blocks - Info Disclosure
CVSS 5.3
CVE-2026-25222 HIGH
PolarLearn <0-PRERELEASE-15 - Info Disclosure
CVSS 7.5
CVE-2026-23743 HIGH
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - Info Disclosure
CVSS 7.5
CVE-2026-1060 MEDIUM
WP Adminify <4.0.7.7 - Info Disclosure
CVSS 5.3
CVE-2026-0818 MEDIUM
Thunderbird < 140.7.1 and 140.* < 140.7.1 and < 147.0.1 - Information Disclosure via CSS and Remote Content
CVSS 4.3
CVE-2026-24473 MEDIUM
Hono < 4.11.7 - Information Disclosure via Serve Static Middleware Path Validation
CVSS 5.3
CVE-2026-24870 LOW
ixray-team ixray-1.6-stcop < 1.3 - Exposure of Sensitive Information
CVSS 3.7
CVE-2026-1407 LOW
Beetel 777VR1 < 01.00.09_55 - Information Disclosure via UART Interface
CVSS 2.0
CVE-2026-24422 MEDIUM
phpmyfaq < 4.0.17 - Unauthenticated Exposure of Sensitive Information via Public API Endpoints
CVSS 5.3
CVE-2026-0789 HIGH
ALGO 8180 IP Audio Alerter Firmware - Unauthenticated Sensitive Information Exposure via Web UI Response Body
CVSS 7.5
CVE-2026-21524 HIGH
Azure Data Explorer - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.4
CVE-2026-20800 MEDIUM
Gitea < 1.25.4 - Exposure of Sensitive Information via Notification API
CVSS 6.5
CVE-2026-21974 MEDIUM
Oracle Life Sciences Central Designer 7.0.1.0 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2026-21940 HIGH
Oracle Agile PLM 9.3.6 - Unauthenticated Exposure of Sensitive Information via User and User Group Component
CVSS 7.5
CVE-2026-21928 MEDIUM
Oracle Solaris <11 - Info Disclosure
CVSS 5.3
CVE-2026-0905 CRITICAL
Google Chrome < 144.0.7559.59 - Exposure of Sensitive Information via Network Log File
CVSS 9.8
CVE-2026-1197 LOW
MineAdmin 1.x/2.x - Information Disclosure via /system/downloadById ID Parameter
CVSS 3.1
CVE-2026-1196 LOW
MineAdmin 1.x/2.x - Information Disclosure via /system/getFileInfoById ID Parameter
CVSS 3.1
CVE-2026-1194 MEDIUM
MineAdmin 1.x/2.x - Information Disclosure in Swagger Component
CVSS 5.3
CVE-2026-1175 MEDIUM
birkir prime < 0.4.0 - Information Exposure via GraphQL Directive Handler Error Message
CVSS 5.3
CVE-2026-1170 MEDIUM
birkir prime < 0.4.0 - Information Disclosure via GraphQL API
CVSS 5.3
CVE-2026-22645 MEDIUM
SICK incoming_goods_suite < 1.2.1 - Unauthenticated Exposure of Sensitive Component Information
CVSS 5.3
CVE-2026-22240 HIGH
BLUVOYIX - Unauthenticated Exposure of Sensitive Information via Users API
CVSS 7.5
CVE-2026-22237 CRITICAL
BLUVOYIX - Unauthenticated Exposure of Sensitive API Documentation
CVSS 9.8
CVE-2026-0717 MEDIUM
LottieFiles - Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure via REST API Endpoint
CVSS 5.3
Details
Vulnerabilities 10,086
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits