CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,086 vulnerabilities with CWE-200
CVE-2025-31975 LOW
HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue.
CVSS 2.6
CVE-2025-14726 MEDIUM
Widgets for Social Photo Feed < 1.8 - Sensitive Data Exposure & Modification via REST API
CVSS 6.5
CVE-2025-65104 HIGH
Firebird: Information leak vulnerability in firebird3 client when used with newer server
CVSS 7.9
CVE-2025-15625 CRITICAL
Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server
CVSS 9.8
CVE-2025-12141 MEDIUM
Grafana Alerting Editors can edit destination of webhooks they did not create
CVSS 6.5
CVE-2025-62188 HIGH
Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.
CVSS 7.5
CVE-2025-67805 MEDIUM
Sage DPW 2025_06_004 - Info Disclosure
CVSS 5.9
CVE-2025-71280 MEDIUM
XenForo Local Account Page Caching Information Disclosure
CVSS 6.2
CVE-2025-15381 HIGH
Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow
CVSS 7.1
CVE-2025-59031 MEDIUM
OX Dovecot Pro <2.3.0 - Info Disclosure
CVSS 4.3
CVE-2025-55276 LOW
HCL Aftermarket DPC is affected by an Internal IP Disclosure vulnerability
CVSS 3.1
CVE-2025-55272 LOW
HCL Aftermarket DPC is affected by a Banner Disclosure vulnerability
CVSS 3.1
CVE-2025-55265 MEDIUM
HCL Aftermarket DPC is affected by File Discovery
CVSS 6.5
CVE-2025-14915 MEDIUM
IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability
CVSS 6.5
CVE-2025-60949 CRITICAL
Census CSWeb 8.0.1 - Info Disclosure
CVSS 9.1
CVE-2025-13997 MEDIUM
King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
CVSS 5.3
CVE-2025-52649 LOW
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature
CVSS 1.8
CVE-2025-66413 HIGH
Git for Windows <2.53.0(2) - Info Disclosure
CVSS 7.4
CVE-2025-68467 LOW
Dark Reader - Info Disclosure
CVSS 3.4
CVE-2025-48642 MEDIUM
Android - Local Information Disclosure in jump_to_payload
CVSS 5.5
CVE-2025-48635 HIGH
TaskFragmentOrganizerController - Privilege Escalation
CVSS 7.7
CVE-2025-64427 HIGH
ZimaOS < 1.5.0 - Authenticated Server-Side Request Forgery via Internal IP Address Targeting
CVSS 7.1
CVE-2025-9908 MEDIUM
Red Hat Ansible Automation Platform - Info Disclosure
CVSS 6.7
CVE-2025-9907 MEDIUM
Red Hat Ansible Automation Platform - Info Disclosure
CVSS 6.7
CVE-2025-13113 MEDIUM
accessiBe WordPress Plugin <=2.11 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities 10,086
Exploit Likelihood High