CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,108 vulnerabilities with CWE-200
CVE-2025-61764 MEDIUM
Oracle WebLogic Server 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2025-61750 MEDIUM
Oracle PeopleSoft Enterprise PeopleTools 8.61 and 8.62 - Unauthorized Data Access via Query Component
CVSS 4.3
CVE-2025-53066 HIGH
Oracle GraalVM and Java SE - Unauthenticated Exposure of Sensitive Information via JAXP
CVSS 7.5
CVE-2025-53047 MEDIUM
Oracle Database Server 19.3-19.28, 21.3-21.19, 23.4-23.9 - Unauthenticated Exposure of Sensitive Information via Bonjour
CVSS 5.8
CVE-2025-53043 HIGH
Oracle Product Hub 12.2.3-12.2.14 - Unauthorized Data Access and Modification via Item Catalog
CVSS 8.1
CVE-2025-53036 HIGH
Oracle Financial Services Analytical ... - Information Disclosure
CVSS 8.6
CVE-2025-50074 MEDIUM
Oracle Financial Services Revenue Management - Unauthorized Access
CVSS 4.9
CVE-2025-61220 HIGH
AutoBizLine com.mysecondline.app <1.2.91 - Privilege Escalation
CVSS 7.5
CVE-2025-60344 HIGH
D-Link DSR-150, DSR-150N, and DSR-250N v1.09B32_WW - Unauthenticated Path Traversal
CVSS 8.6
CVE-2025-11151 HIGH
CityPLus <V24.29500.1.0 - Info Disclosure
CVSS 8.2
CVE-2025-6239 MEDIUM
Zohocorp ManageEngine Applications Manager <176800 - Info Disclosure
CVSS 6.5
CVE-2025-62699 MEDIUM
The Wikimedia Foundation Mediawiki - Translate Extension <1.39 - In...
CVE-2025-57837 LOW
Tileservice module - Info Disclosure
CVSS 2.9
CVE-2025-57839 MEDIUM
Honor MagicOS < 9.0.0.100 - Information Disclosure in Photo Module
CVSS 4.0
CVE-2025-57838 MEDIUM
Honor MagicOS < 9.0.0.100 - Exposure of Sensitive Information
CVSS 4.0
CVE-2025-10750 MEDIUM
PowerBI Embed Reports <1.2.0 - Info Disclosure
CVSS 5.3
CVE-2025-62669 MEDIUM
The Wikimedia Foundation Mediawiki - CentralAuth Extension <1.39 - ...
CVE-2025-61907 MEDIUM
Icinga 2.4-2.15.0 - Authenticated Information Disclosure via Filter Expression
CVSS 6.5
CVE-2025-53092 MEDIUM
Strapi < 5.20.0 - CORS Misconfiguration via Origin Header Reflection
CVSS 6.5
CVE-2025-11196 MEDIUM
WordPress External Login <1.11.2 - Info Disclosure
CVSS 4.3
CVE-2025-59294 LOW
Windows Taskbar Live - Unauthenticated Exposure of Sensitive Information via Physical Attack
CVSS 2.1
CVE-2025-59284 LOW
Windows 11 22H2-25H2 and Windows Server 2025 - Unauthorized Sensitive Information Exposure via NTLM Spoofing
CVSS 3.3
CVE-2025-59260 MEDIUM
Windows Server 2016/2019/2022/2025 - Authenticated Information Disclosure in Failover Cluster Virtual Driver
CVSS 5.5
CVE-2025-59214 MEDIUM
Windows File Explorer - Unauthorized Sensitive Information Exposure via Spoofing
CVSS 6.5
CVE-2025-59211 MEDIUM
Windows 10 1507-22H2, Windows 11 22H2-25H2, Windows Server 2012 - Information Disclosure in Push Notification Core
CVSS 5.5