CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

9,867 vulnerabilities with CWE-200
CVE-2026-3594 MEDIUM
Riaxe Product Customizer <= 2.4 - Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint
CVSS 5.3
CVE-2026-27949 LOW
Plane Exposes User Email (PII and part of credential) in GET Parameter
CVSS 2.0
CVE-2026-39363 HIGH
Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket
CVSS 7.5
CVE-2026-5375 LOW
runZero Platform API credential information leak
CVSS 2.7
CVE-2026-35452 MEDIUM
WWBN AVideo has Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
CVSS 5.3
CVE-2026-35449 MEDIUM
WWBN AVideo has Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php
CVSS 5.3
CVE-2026-35442 HIGH
Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries
CVSS 8.1
CVE-2026-35413 MEDIUM
Directus GraphQL Schema SDL Disclosure Setting
CVSS 5.3
CVE-2026-30613 MEDIUM
AZIOT 1 Node Smart Switch 1.1.9 - Info Disclosure
CVSS 4.6
CVE-2026-5666 MEDIUM
code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information
CVSS 5.3
CVE-2026-34969 HIGH
Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback
CVSS 7.5
CVE-2026-5650 MEDIUM
code-projects Online Application System for Admission oas.sql sensitive information
CVSS 5.3
CVE-2026-5601 MEDIUM
Acrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosure
CVSS 5.3
CVE-2026-5585 MEDIUM
Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure
CVSS 5.3
CVE-2026-5571 MEDIUM
Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure
CVSS 5.3
CVE-2026-34947 MEDIUM
Discourse: Staged user custom fields are exposed on public invite pages
CVSS 5.3
CVE-2026-27481 MEDIUM
Discourse: Hidden tag visibility bypass on tag routes
CVSS 5.3
CVE-2026-5413 LOW
Newgen OmniDocs GetWebApiConfiguration information disclosure
CVSS 3.7
CVE-2026-35038 MEDIUM
signalk-server: Arbitrary Prototype Read via `from` Field Bypass
CVSS 6.5
CVE-2026-34785 HIGH
Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching
CVSS 7.5
CVE-2026-5032 HIGH
W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
CVSS 7.5
CVE-2026-34518 MEDIUM
AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect
CVSS 5.3
CVE-2026-2696 MEDIUM
Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure
CVSS 5.3
CVE-2026-5291 MEDIUM
Google Chrome <146.0.7680.178 - Info Disclosure
CVSS 6.5
CVE-2026-3774 MEDIUM
Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
CVSS 4.7