CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,108 vulnerabilities with CWE-200
CVE-2025-29270 CRITICAL
Deep Sea Electronics DSE855 <1.1.26 - Privilege Escalation
CVSS 10.0
CVE-2025-12521 MEDIUM
Analytify Pro <7.0.3 - Info Disclosure
CVSS 5.3
CVE-2025-34272 MEDIUM
Nagios Log Server < 2024R2.0.3 - Unauthorized Information Exposure via Default Dashboard Fallback
CVSS 6.5
CVE-2025-11998 MEDIUM
HP Card Readers B Models - Info Disclosure
CVE-2025-54548 MEDIUM
Platform <version> - Info Disclosure
CVSS 4.3
CVE-2025-11203 LOW
LiteLLM - Authenticated Exposure of Sensitive Information via Health Endpoint API_KEY Parameter
CVSS 3.5
CVE-2025-12148 MEDIUM
Search Guard <3.1.1 - Info Disclosure
CVE-2025-12147 MEDIUM
Search Guard FLX <3.1.1 - Info Disclosure
CVE-2025-60805 HIGH
BESSystem BES Application Server <9.5.x - Info Disclosure
CVSS 7.5
CVE-2025-60858 HIGH
Reolink Video Doorbell Wi-Fi - Info Disclosure
CVSS 7.5
CVE-2025-62524 MEDIUM
PILOS < 4.8.0 - PHP Version Exposure via X-Powered-By Header
CVSS 5.3
CVE-2025-12363 HIGH
BLU-IC2 and BLU-IC4 Firmware < 1.20 - Unauthenticated Email Password Disclosure
CVSS 7.5
CVE-2025-27225 HIGH
TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
CVSS 7.5
CVE-2025-12297 MEDIUM
pybbs < 6.0.0 - Information Disclosure in UserApiController
CVSS 4.3
CVE-2025-61482 HIGH
NetKnights GmbH privacyIDEA Authenticator v.4.3.0 - Auth Bypass
CVSS 7.2
CVE-2025-52268 HIGH
StarCharge Artemis AC Charger <1.0.4 - Code Injection
CVSS 7.5
CVE-2025-61481 CRITICAL
MikroTik RouterOS <7.14.2 & SwOS <2.18 - XSS
CVSS 10.0
CVE-2025-12276 MEDIUM
LearnHouse < 2025-09-21 - Information Disclosure in Image Handler
CVSS 4.3
CVE-2025-11760 MEDIUM
eRoom Webinar & Meeting Plugin - Info Disclosure
CVSS 5.3
CVE-2025-11145 HIGH
CBK Soft Software Hardware Electronic Computer Systems Industry and...
CVSS 7.5
CVE-2025-54966 MEDIUM
BAE SOCET GXP < 4.6.0.2 - Exposure of Sensitive Information via Job Status Service
CVSS 4.3
CVE-2025-6980 HIGH
Arista Next Generation Firewall < 17.3.1 - Sensitive Information Exposure via Captive Portal
CVSS 7.5
CVE-2025-62400 MEDIUM
Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Unauthorized Exposure of Hidden Group Names via Calendar Event Creation
CVSS 4.3
CVE-2025-62604 HIGH
MeterSphere < 2.10.25 - Unauthenticated Exposure of Sensitive User Information
CVSS 7.5
CVE-2025-61885 MEDIUM
Oracle Life Sciences InForm 7.0.1.0 - Unauthorized Data Access via Web Server
CVSS 4.3