CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,086 vulnerabilities with CWE-200
CVE-2026-20939 MEDIUM
Windows File Explorer - Info Disclosure
CVSS 5.5
CVE-2026-20937 MEDIUM
Windows File Explorer - Info Disclosure
CVSS 5.5
CVE-2026-20932 MEDIUM
Windows File Explorer - Info Disclosure
CVSS 5.5
CVE-2026-20862 MEDIUM
Windows Management Services - Info Disclosure
CVSS 5.5
CVE-2026-20847 MEDIUM
Windows Shell - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 6.5
CVE-2026-20827 MEDIUM
Tablet Windows UI - Info Disclosure
CVSS 5.5
CVE-2026-20823 MEDIUM
Windows File Explorer - Info Disclosure
CVSS 5.5
CVE-2026-20821 MEDIUM
Windows Remote Procedure Call - Info Disclosure
CVSS 6.2
CVE-2026-20805 MEDIUM KEV
Desktop Windows Manager - Info Disclosure
CVSS 5.5
CVE-2026-0888 MEDIUM
Firefox < 147.0 - Information Disclosure in XML Component
CVSS 5.3
CVE-2026-0883 MEDIUM
Firefox < 147 and 140.7-140.* - Information Disclosure in Networking Component
CVSS 5.3
CVE-2026-22251 MEDIUM
wlc < 1.17.0 - Exposure of Sensitive Information via Unscoped API Key
CVSS 5.3
CVE-2026-22604 MEDIUM
OpenProject 11.2.1-16.6.1 - Unauthenticated Username Enumeration via Password Change Endpoint
CVSS 5.3
CVE-2026-22602 LOW
OpenProject < 16.6.2 - Authenticated Exposure of Sensitive User Information via Sequential User ID Enumeration
CVSS 3.5
CVE-2026-22600 CRITICAL
OpenProject < 16.6.4 - Local File Read via Work Package PDF Export
CVSS 9.1
CVE-2026-0747 LOW
Devolutions Remote Desktop Manager 2025.3.24.0-2025.3.28.0 Sensitive Information Exposure
CVSS 3.3
CVE-2026-21880 MEDIUM
kanboard < 1.2.49 - LDAP Injection in Authentication Mechanism
CVSS 5.3
CVE-2026-20027 MEDIUM
Cisco Secure Firewall Threat Defense (FTD) Software - Unauthenticated Sensitive Information Exposure via DCE/RPC
CVSS 5.3
CVE-2025-69755 HIGH
Neterbit NW-431F Router vNW-431F-20241014-IR03 - RCE & Info Disclosure via at_command.asp
CVSS 8.2
CVE-2025-31985 LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
CVSS 3.7
CVE-2025-9987 MEDIUM
Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure
CVSS 5.3
CVE-2025-52613 MEDIUM
HCL BigFix Service Management (SM) is affected by use of a vulnerable component
CVSS 4.6
CVE-2025-31984 LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
CVSS 3.7
CVE-2025-31982 LOW
HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl
CVSS 3.7
CVE-2025-31976 MEDIUM
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials
CVSS 4.8