CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,086 vulnerabilities with CWE-200
CVE-2025-12074 MEDIUM
WordPress Context Blog Theme <=1.2.5 - Info Disclosure
CVSS 5.3
CVE-2025-70829 MEDIUM
Datart 1.0.0-rc.3 - Info Disclosure
CVSS 5.7
CVE-2025-65717 MEDIUM
Visual Studio Code Extensions Live Server <5.7.9 - Info Disclosure
CVSS 4.3
CVE-2025-13821 MEDIUM
Mattermost 11.1.x-11.1.2/10.11.x-10.11.9/11.2.x-11.2.1 - Info Discl...
CVSS 5.7
CVE-2025-13973 MEDIUM
StickEasy Protected Contact Form <1.0.2 - Info Disclosure
CVSS 5.3
CVE-2025-68686 MEDIUM
Fortinet FortiOS <7.6.1 - Info Disclosure
CVSS 5.9
CVE-2025-70963 HIGH
gophish <= 0.12.1 - Incorrect Access Control and Insecure Storage of Sensitive API Keys
CVSS 7.6
CVE-2025-61917 HIGH
NPM N8n < 1.114.3 - Information Disclosure
CVSS 7.7
CVE-2025-15508 MEDIUM
Magic Import Document Extractor <1.0.5 - Info Disclosure
CVSS 5.3
CVE-2025-15482 MEDIUM
Chapa Payment Gateway Plugin - Info Disclosure
CVSS 5.3
CVE-2025-52631 LOW
HCL AION 2.0 - Exposure of Sensitive Information via Missing HSTS Header
CVSS 3.7
CVE-2025-65017 MEDIUM
Decidim 0.30.0-0.30.3 and 0.31.0.rc1 - Unauthorized Data Exposure via UUID Collision
CVSS 6.5
CVE-2025-8590 HIGH
AKCE Software Technology R&D Industry and Trade Inc. SKSPro <202702...
CVSS 7.5
CVE-2025-61639 MEDIUM
MediaWiki <1.39.14-1.44.1 - Info Disclosure
CVSS 4.8
CVE-2025-6593 LOW
MediaWiki <1.39.13-1.44.0 - Info Disclosure
CVE-2025-6590 MEDIUM
MediaWiki < 1.39.12, 1.42.76 1.43.1, 1.44.0 - Exposure of Sensitive Information in HTMLUserTextField
CVE-2025-54373 MEDIUM
OpenEMR < 7.0.4 - Unauthorized Exposure of Sensitive Clinical Data
CVSS 6.5
CVE-2025-67274 HIGH
continuous.software aangine 2025.2 - Exposure of Sensitive Information via Excel Integration and Job Listing Endpoints
CVSS 7.5
CVE-2025-6461 MEDIUM
CubeWP Framework <= 1.1.27 - Unauthenticated Information Exposure via Search Feature
CVSS 4.3
CVE-2025-13920 MEDIUM
WP Directory Kit <1.4.9 - Info Disclosure
CVSS 5.3
CVE-2025-52026 HIGH
Aptsys gemscms_backend < 2025-05-28 - Sensitive Information Exposure via /srvs/membersrv/getCashiers
CVSS 7.5
CVE-2025-69822 HIGH
Atomberg Erica Smart Fan Firmware V1.0.36 - Exposure of Sensitive Information via Crafted Deauth Frame
CVSS 7.4
CVE-2025-65098 HIGH
typebot < 3.13.2 - Unauthenticated Credential Theft via Malicious Typebot Preview
CVSS 7.4
CVE-2025-12738 LOW
Neo4j <2025.11.2-5.26.17 - Info Disclosure
CVE-2025-12129 MEDIUM
CubeWP Framework <= 1.1.27 - Unauthenticated Information Exposure via REST API Endpoints
CVSS 5.3