CWE-200
High likelihood
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,108 vulnerabilities with CWE-200
CVE-2025-12558
MEDIUM
Beaver Builder < 2.9.4 - Authenticated Sensitive Information Exposure via get_attachment_sizes Function
CVSS 4.3
CVE-2025-66330
MEDIUM
File Management App - Info Disclosure
CVSS 4.9
CVE-2025-58279
MEDIUM
HarmonyOS - Exposure of Sensitive Information via Media Library Permission Control
CVSS 4.4
CVE-2025-14198
MEDIUM
Verysync 微力同步 2.21.3 - Info Disclosure
CVSS 5.3
CVE-2025-14197
MEDIUM
Verysync <= 2.21.3 - Information Disclosure in Web Administration Module
CVSS 5.3
CVE-2025-66623
HIGH
Strimzi 0.47.0-0.49.0 - Incorrect Authorization via Kubernetes Role
CVSS 7.4
CVE-2025-13494
MEDIUM
SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure via Predictable Log Location
CVSS 5.3
CVE-2025-13006
MEDIUM
SurveyFunnel WordPress Plugin <=1.1.5 - Unauthenticated Sensitive Data Exposure via REST API
CVSS 5.3
CVE-2025-10285
HIGH
Simplicity Device Manager - Info Disclosure
CVE-2025-56427
HIGH
Composio 0.7.20 - Directory Traversal via _download_file_or_dir Function
CVSS 7.5
CVE-2025-54304
CRITICAL
Thermo Fisher Ion Torrent OneTouch 2 Firmware - Unauthenticated Exposure of Sensitive Information via X11 Display Server
CVSS 9.8
CVE-2025-11379
MEDIUM
WebP Express <0.25.9 - Info Disclosure
CVSS 5.3
CVE-2025-20383
MEDIUM
Splunk Enterprise <10.0.2,9.4.6,9.3.8,9.2.10 - Info Disclosure
CVSS 4.3
CVE-2025-12585
MEDIUM
MxChat - AI Chatbot for WordPress <2.5.5 - Info Disclosure
CVSS 5.3
CVE-2025-41066
MEDIUM
Horde Groupware 5.2.22 - Unauthenticated User Enumeration via /imp/attachment.php
CVSS 5.3
CVE-2025-41015
HIGH
TCMAN GIM < 2025-04-01 - Unauthenticated User Enumeration via PDAWebService.asmx GetUserQuestionAndAnswer
CVSS 7.5
CVE-2025-41014
HIGH
TCMAN GIM < 2025-04-01 - Unauthenticated User Enumeration via PDAWebService.asmx Username Parameter
CVSS 7.5
CVE-2025-13696
MEDIUM
Zigaform Lite <= 7.6.5 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2025-66304
MEDIUM
Grav <1.8.0-beta.27 - Info Disclosure
CVSS 6.2
CVE-2025-13653
MEDIUM
Search Guard FLX <4.0.0 - Info Disclosure
CVSS 4.3
CVE-2025-2879
MEDIUM
Arm 5th Gen & Valhall GPU Kernel Driver r29p0-r54p0 - Sensitive Data Exposure via GPU Processing
CVSS 5.1
CVE-2025-13804
MEDIUM
NutzBoot < 2.6.0-SNAPSHOT - Exposure of Sensitive Information in Ethereum Wallet Handler
CVSS 4.3
CVE-2025-13785
MEDIUM
yungifez Skuul < 2.6.5 - Exposure of Sensitive Information via Image Handler
CVSS 4.3
CVE-2025-66291
MEDIUM
OrangeHRM 5.0-5.7 - Authenticated Improper Authorization in Recruitment Interview Attachment Retrieval
CVSS 4.3
CVE-2025-66290
MEDIUM
OrangeHRM 5.0-5.7 - Authenticated Improper Authorization in Recruitment Attachment Endpoint
CVSS 4.3
Details
Vulnerabilities: 10,108
Exploit Likelihood: High