CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,108 vulnerabilities with CWE-200
CVE-2025-12426 MEDIUM
Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure via ays_quiz_check_answer AJAX Action
CVSS 5.3
CVE-2025-12770 MEDIUM
New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Exposure via Zapier REST API
CVSS 5.3
CVE-2025-64324 HIGH
KubeVirt < 1.6.1 - Arbitrary File Read and Write via hostDisk DiskOrCreate Option
CVSS 7.7
CVE-2025-37160 MEDIUM
ArubaOS-CX 10.10.0000-10.10.1169 - Authenticated Sensitive Information Exposure via Web Management Interface
CVSS 5.3
CVE-2025-54971 MEDIUM
Fortinet FortiADC 6.2.0-7.4.0 - Sensitive Information Exposure via Log File
CVSS 4.3
CVE-2025-12545 MEDIUM
Pixel Manager <1.49.2 - Info Disclosure
CVSS 5.3
CVE-2025-63891 HIGH
SourceCodester Simple Online Book Store System - Info Disclosure
CVSS 7.5
CVE-2025-54345 HIGH
Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Exposure of Sensitive Information
CVSS 7.5
CVE-2025-12149 MEDIUM
Search Guard FLX <3.1.2 - Info Disclosure
CVE-2025-11794 MEDIUM
Mattermost 10.5.0-10.5.11, 10.11.0-10.11.3, 10.12.0 - Unauthorized Exposure of Password Hashes and MFA Secrets
CVSS 4.9
CVE-2025-12785 HIGH
HP LaserJet Pro Firmware < 002.2539e - Unauthorized Credential Exposure via Scan/Send Destination Manipulation
CVSS 7.5
CVE-2025-12784 MEDIUM
HP LaserJet Pro Firmware < 002.2539e - Unauthenticated Credential Exposure
CVSS 4.9
CVE-2025-64703 MEDIUM
maxkb < 2.3.1 - Exposure of Sensitive Information via Tool Module Python Code
CVSS 6.3
CVE-2025-12681 MEDIUM
Comment Edit Core - Simple Comment Editing <3.1.0 - Info Disclosure
CVSS 5.3
CVE-2025-64705 MEDIUM
Frappe Learning 2.0.0-2.40.9 - Unauthorized Access to Student Submissions
CVSS 4.3
CVE-2025-20379 LOW
Splunk <10.0.1,9.4.5,9.3.7,9.2.9 - Privilege Escalation
CVSS 3.5
CVE-2025-12732 MEDIUM
WP Import - Ultimate CSV XML Importer <7.33 - Info Disclosure
CVSS 4.3
CVE-2025-62206 MEDIUM
Microsoft Dynamics 365 9.1-<9.1.41.07 - Unauthenticated Exposure of Sensitive Information
CVSS 6.5
CVE-2025-59240 MEDIUM
Microsoft 365 Apps and Excel - Unauthorized Sensitive Information Exposure
CVSS 5.5
CVE-2025-11697 HIGH
Studio 5000 Simulation Interface - Path Traversal
CVE-2025-12010 MEDIUM
Authors List plugin <2.0.6.1 - Info Disclosure
CVSS 6.5
CVE-2025-11997 MEDIUM
Document Pro Elementor - Info Disclosure
CVSS 5.3
CVE-2025-12098 MEDIUM
Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via enqueue_social_login_script
CVSS 5.3
CVE-2025-64179 MEDIUM
lakeFS < 1.71.0 - Unauthenticated Exposure of Sensitive Information via Usage Report Endpoint
CVSS 5.3
CVE-2025-55342 MEDIUM
Quipux 4.0.1-e1774ac - Exposure of Sensitive Information via Password Reset Validation
CVSS 5.3