CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,099 vulnerabilities with CWE-200
CVE-2025-14507 MEDIUM
EventPrime - Events Calendar, Bookings and Tickets <4.2.7.0 - Info ...
CVSS 5.3
CVE-2025-65090 MEDIUM
XWiki Full Calendar Macro < 2.4.6 - Unauthenticated Exposure of Sensitive Information via Calendar.JSONService
CVSS 5.3
CVE-2025-46676 LOW
Dell PowerProtect Data Domain - Info Disclosure
CVSS 2.7
CVE-2025-14980 MEDIUM
BetterDocs <4.3.3 - Info Disclosure
CVSS 6.5
CVE-2025-14574 MEDIUM
weDocs < 2.1.15 - Unauthenticated Sensitive Information Exposure via REST API Endpoint
CVSS 5.3
CVE-2025-68719 HIGH
KAYSUS KS-WR3600 <1.0.5.9.1 - Info Disclosure
CVSS 8.8
CVE-2025-68718 MEDIUM
KAYSUS KS-WR1200 - Privilege Escalation
CVSS 5.4
CVE-2025-59469 CRITICAL
Veeam Backup & Replication 13.0.0.4967-13.0.1.1071 - Authenticated Arbitrary File Write as Root
CVSS 9.0
CVE-2025-47369 MEDIUM
Qualcomm AR8035 Firmware - Information Disclosure via Weak Session ID Hash in IOCTL Response
CVSS 5.5
CVE-2025-31964 LOW
HCL BigFix IVR 4.2 - Unprotected Administrative Service Exposure
CVSS 2.2
CVE-2025-13371 HIGH
MoneySpace plugin <2.13.9 - Info Disclosure
CVSS 8.6
CVE-2025-12540 MEDIUM
ShareThis Dashboard - Info Disclosure
CVSS 4.7
CVE-2025-13215 MEDIUM
Phlox theme plugin <2.17.13 - Info Disclosure
CVSS 5.3
CVE-2025-69226 MEDIUM
aiohttp < 3.13.3 - Path Traversal in Static File Path Normalization
CVSS 5.3
CVE-2025-68436 MEDIUM
Craft CMS 4.0.0.1-4.16.16 and 5.0.0-RC1-5.8.20 - Authenticated Sensitive Information Exposure via User Profile Photo
CVSS 6.5
CVE-2025-67732 MEDIUM
dify < 1.11.0 - Unauthenticated API Key Exposure via Frontend
CVSS 6.5
CVE-2025-68273 MEDIUM
Signal K Server < 2.19.0 - Unauthenticated Exposure of Sensitive System Information
CVSS 5.3
CVE-2025-61594 HIGH
URI < 0.12.5, 0.13.0-0.13.2, 1.0.0-1.0.3 - Exposure of Sensitive Information via URI Combination Operator
CVSS 7.5
CVE-2025-15103 HIGH
DVP-12SE11T Firmware < 2.16 - Authentication Bypass via Partial Password Disclosure
CVSS 8.1
CVE-2025-14280 MEDIUM
PixelYourSite <11.1.5 - Info Disclosure
CVSS 5.3
CVE-2025-15070 MEDIUM
Gmission Web Fax 3.0 - Exposure of Sensitive Information via Missing Authorization
CVSS 5.5
CVE-2025-15065 MEDIUM
Kings Information & Network Co. KESS Enterprise <*.25.9.19.exe - Pr...
CVSS 6.3
CVE-2025-15141 LOW
Halo < 2.21.10 - Information Disclosure in Configuration Handler
CVSS 3.1
CVE-2025-15121 LOW
JeecgBoot < 3.9.0 - Information Disclosure via getDeptRoleByUserId departId Parameter
CVSS 2.4
CVE-2025-15082 MEDIUM
TOZED ZLT M30s <= 1.47 - Information Disclosure via goformId Parameter
CVSS 5.3