CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,081 vulnerabilities with CWE-200
CVE-2026-45300 HIGH
async-http-client: Cookie header not stripped on cross-origin redirect
CVSS 7.4
CVE-2026-46395 CRITICAL
HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation
CVE-2026-11271 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Passwords UI Gestures
CVSS 6.5
CVE-2026-47655 MEDIUM
Microsoft Graph Information Disclosure Vulnerability
CVSS 6.5
CVE-2026-11209 MEDIUM
Google Chrome < 149.0.7827.53 - Information Disclosure via Passwords Component
CVSS 6.5
CVE-2026-11203 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via GPU Implementation
CVSS 6.5
CVE-2026-11182 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via SVG
CVSS 6.5
CVE-2026-11180 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via SVG
CVSS 6.5
CVE-2026-11168 MEDIUM
Google Chrome < 149.0.7827.53 - Information Disclosure via Extensions
CVSS 6.5
CVE-2026-11162 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via CSS
CVSS 4.3
CVE-2026-45739 LOW
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
CVSS 3.1
CVE-2026-10864 MEDIUM
MISP Dashboard widget field selection may expose restricted user and organisation data
CVSS 4.3
CVE-2026-10854 MEDIUM
Unauthorized exposure of private galaxies in MISP event template creation
CVSS 4.3
CVE-2026-50224 MEDIUM
Acer Connect M6E 5G Portable WiFi Router - Unauthenticated IPv6 WAN Management Exposure
CVSS 4.9
CVE-2026-50210 HIGH
Acer Connect M6E 5G Portable WiFi Router - Weak Static Cryptographic Initialization Vectors
CVSS 7.5
CVE-2026-49193 HIGH
Acer Connect M6E 5G Portable WiFi Router - Publicly Readable AWS S3 Telemetry Buckets
CVSS 7.5
CVE-2026-49187 HIGH
Acer Connect M6E 5G Portable WiFi Router - Hard-Coded APK Resource Credentials & Scepters
CVSS 7.5
CVE-2026-40495 MEDIUM
FOSSBilling version exposed via asset cache buster
CVE-2026-36618 MEDIUM
Mercusys AC12G (EU) V1 Firmware AC12G(EU)_V1_200909 - Information Disclosure via CHAOS TXT Query
CVSS 4.3
CVE-2026-36615 MEDIUM
Mercusys AC12G (EU) V1 Firmware AC12G(EU)_V1_200909 - Unauthenticated Information Disclosure via Undocumented Endpoint
CVSS 4.3
CVE-2026-36611 HIGH
Mercusys AC12G (EU) V1 - Unauthenticated Information Disclosure via UPnP POST Request
CVSS 7.3
CVE-2026-36602 MEDIUM
Mercusys AC12G (EU) V1 - Unauthenticated Kernel Memory Layout Disclosure via UPnP GetStatusInfo Action
CVSS 4.3
CVE-2026-41032 HIGH
Phoenix Contact CHARX SEC-3xxx < 1.9.0 - Unauthenticated Log File Disclosure
CVSS 7.5
CVE-2026-32625 CRITICAL
LibreChat Exfiltrates Server Secrets via MCP Server URL Injection
CVSS 9.6
CVE-2026-45683 LOW
OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
CVSS 3.8
Details
Vulnerabilities: 10,081
Exploit Likelihood: High