CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,081 vulnerabilities with CWE-200
CVE-2026-45553 HIGH
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
CVSS 7.5
CVE-2026-45080 MEDIUM
Klaw: Improper Access Control Allows Disclosure of Password Hash
CVE-2026-8993 MEDIUM
Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks
CVSS 6.5
CVE-2026-28511 MEDIUM
eLabFTW < 5.4.2 - Authenticated Exposure of Sensitive Information via Numeric Reference Search
CVSS 4.3
CVE-2026-40965 CRITICAL
Cloud Foundry UAA v76.12.0-v78.12.0 - EC Private Key Exposure via /token_keys Endpoint
CVSS 10.0
CVE-2026-45286 MEDIUM
Nextcloud Calendar 5.5.13-5.5.16 and 6.2.0-6.2.2 - Authenticated User Enumeration via Attendee Suggestion Endpoint
CVSS 4.3
CVE-2026-45277 LOW
Nextcloud Approval < 2.7.2 - Authenticated Exposure of Sensitive Information via Workflow File Association Check
CVSS 3.3
CVE-2026-45267 MEDIUM
Nextcloud: Missing permission check for from submissions
CVSS 6.5
CVE-2026-10254 MEDIUM
SourceCodester Pet Grooming Management Software admin file information disclosure
CVSS 5.3
CVE-2026-42360 MEDIUM
Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
CVSS 6.5
CVE-2026-42358 MEDIUM
Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets
CVSS 6.5
CVE-2026-45192 MEDIUM
Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
CVSS 6.5
CVE-2026-48189 MEDIUM
OTRS - Bypass DedicatedAgentToCustomerGroups Setting
CVSS 5.7
CVE-2026-48210 MEDIUM
OTRS - Possible Information Disclosure via External Interface
CVSS 5.7
CVE-2026-2128 MEDIUM
Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie
CVSS 5.3
CVE-2026-8995 MEDIUM
Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action
CVSS 4.3
CVE-2026-9991 LOW
Google Chrome < 148.0.7778.216 - Cross-Origin Data Leak via Media Component
CVSS 3.1
CVE-2026-9981 MEDIUM
Google Chrome < 148.0.7778.216 - Information Disclosure via Skia
CVSS 6.5
CVE-2026-9955 MEDIUM
Google Chrome < 148.0.7778.216 - Cross-Origin Data Leak via Crafted HTML Page
CVSS 4.3
CVE-2026-9929 MEDIUM
Google Chrome < 148.0.7778.216 - Cross-Origin Data Leak via WebGL
CVSS 4.3
CVE-2026-9912 MEDIUM
Google Chrome < 148.0.7778.216 - Information Disclosure via GPU Memory Access
CVSS 6.5
CVE-2026-10011 LOW
Google Chrome < 148.0.7778.216 - Cross-Origin Data Leak via Skia Implementation
CVSS 3.1
CVE-2026-44881 CRITICAL
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
CVSS 9.9
CVE-2026-46841 MEDIUM
Oracle REST Data Services 24.2.0-26.1.0 - Unauthenticated Unauthorized Data Read via HTTPS
CVSS 5.3
CVE-2026-46830 MEDIUM
Oracle REST Data Services 24.2.0-26.1.0 - Unauthenticated Unauthorized Data Read via Mongoapi
CVSS 5.3