CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,109 vulnerabilities with CWE-200
CVE-2025-34220 MEDIUM
Vasion Print Virtual Appliance Host < 25.1.102 and Application < 25.1.1413 - Unauthenticated Group Enumeration
CVSS 5.3
CVE-2025-8868 CRITICAL
Chef Automate < 4.13.295 - Authenticated Exposure of Sensitive Information via SQL Command Injection
CVSS 9.8
CVE-2025-11079 MEDIUM
Campcodes Farm Management System 1.0 - Info Disclosure
CVSS 5.3
CVE-2025-45994 HIGH
Aranda PassRecovery 1.0 - Unauthenticated User Enumeration via Active Directory POST Request
CVSS 7.5
CVE-2025-56463 MEDIUM
Mercusys MW305R < 3.30 - TLS Certificate Private Key Exposure
CVSS 6.8
CVE-2025-11028 MEDIUM
givanz Vvveb <1.0.7.2 - Info Disclosure
CVSS 5.3
CVE-2025-11026 LOW
givanz Vvveb <1.0.7.2 - Info Disclosure
CVSS 3.5
CVE-2025-10952 MEDIUM
geyang ml-logger < acf255b - Sensitive Information Exposure via stream_handler
CVSS 5.3
CVE-2025-36601 MEDIUM
Dell PowerScale OneFS 9.5.0.0-9.11.0.0 - Unauthenticated Exposure of Sensitive Information
CVSS 4.0
CVE-2025-59833 HIGH
FlagForge 2.1.0-<2.3 - Unauthorized Exposure of Challenge Hints via API Endpoint
CVSS 7.5
CVE-2025-59535 MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - Information Disclosure
CVSS 6.5
CVE-2025-59434 CRITICAL
Flowise <August 2025 - Cross-Tenant Data Exposure
CVSS 9.6
CVE-2025-57441 CRITICAL
Blackmagic ATEM Mini Pro 2.7 - Unauthenticated Sensitive Information Exposure via Telnet Port 9990
CVSS 9.8
CVE-2025-57437 CRITICAL
Blackmagic Web Presenter HD Firmware 3.3 - Unauthenticated Sensitive Information Exposure via Telnet Service
CVSS 9.8
CVE-2025-57433 MEDIUM
2wcom IP-4c 2.15.5 - Authenticated Exposure of Sensitive Information via /cwi/ajax_request/get_data.php
CVSS 6.5
CVE-2025-57430 HIGH
Creacast Creabox Manager 4.4.4 - Unauthenticated Sensitive Information Exposure via /get Endpoint
CVSS 7.5
CVE-2025-59427 LOW
Cloudflare Vite Plugin < 1.6.0 - Unauthenticated Exposure of Sensitive Information via Local Dev Server
CVE-2025-10607 MEDIUM
Portabilis i-educar < 2.10.0 - Exposure of Sensitive Information via /module/Avaliacao/diarioApi
CVSS 4.3
CVE-2025-34185 HIGH
Ilevia EVE X1 Server <= 4.7.18.0.eden - Unauthenticated Arbitrary File Read via db_log Parameter
CVSS 7.5
CVE-2025-10536 MEDIUM
Firefox < 143.0 and < 140.3.0 - Information Disclosure in Networking Cache
CVSS 6.2
CVE-2025-10535 HIGH
Firefox < 143.0 - Information Disclosure and Mitigation Bypass in Privacy Component
CVSS 7.5
CVE-2025-26711 MEDIUM
ZTE T5400 <CR_UNIAGT5400V1.0.0B02 - Unauthenticated Sensitive Information Exposure
CVSS 5.7
CVE-2025-26710 LOW
ZTE T5400 >=CR_UNIAGT5400V1.0.0B02 - Unauthenticated Exposure of Sensitive Information via Improper Access Control
CVSS 3.5
CVE-2025-9808 MEDIUM
The Events Calendar <6.15.2 - Info Disclosure
CVSS 5.3
CVE-2025-43367 MEDIUM
macOS Sonoma <14.8 - Info Disclosure
CVSS 5.5