CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,109 vulnerabilities with CWE-200
CVE-2025-54133 CRITICAL
Cursor 1.1.7-1.2 - OS Command Injection via MCP Deeplink Handler
CVSS 9.6
CVE-2025-4523 MEDIUM
IDonate 2.0.0-2.1.9 - Authenticated Sensitive Information Exposure via Missing Capability Check
CVSS 6.5
CVE-2025-54586 HIGH
GitProxy < 1.19.2 - Sensitive Data Exfiltration via Hidden Commit Injection
CVSS 7.1
CVE-2025-45620 HIGH
Aver PTC310UV2 v.0.1.0000.59 - Exposure of Sensitive Information via Crafted Request
CVSS 8.1
CVE-2025-43018 MEDIUM
HP LaserJet Pro Firmware < 002.2508a - Unauthenticated Exposure of Sensitive Information via Local Address Book Query
CVSS 5.3
CVE-2025-54425 MEDIUM
Umbraco CMS 13.0.0-13.9.2, 15.0.0-15.4.1, 16.0.0-16.1.0 - Unauthorized Information Exposure via Content Delivery API
CVSS 5.3
CVE-2025-4426 MEDIUM
InsydeH2O < L05.05.40.011803.172079 - Exposure of Sensitive Information
CVSS 6.0
CVE-2025-43246 MEDIUM
macOS < 14.7.7 - Unprotected User Data Exposure
CVSS 5.5
CVE-2025-43215 MEDIUM
macOS Sequoia <15.6 - Info Disclosure
CVSS 5.5
CVE-2025-43189 CRITICAL
macOS <15.6-14.7.7 - Info Disclosure
CVSS 9.8
CVE-2025-31279 CRITICAL
iPadOS < 17.7.9 and macOS < 13.7.7, < 14.7.7, < 15.6 - User Fingerprinting via Permissions Issue
CVSS 9.8
CVE-2025-50738 CRITICAL
memos < 0.24.3 - Unauthenticated Exposure of Sensitive Information via Markdown Image URL Embedding
CVSS 9.8
CVE-2025-8226 MEDIUM
chancms < 3.1.3 - Information Disclosure via accessKey/secretKey Manipulation
CVSS 4.3
CVE-2025-54380 MEDIUM
Opencast < 17.6 - Insufficiently Protected Credentials via MediaPackage XML Fetch
CVSS 6.5
CVE-2025-29629 CRITICAL
Gardyn Home Kit Firmware < master.619 - Use of Default Credentials
CVSS 9.1
CVE-2025-29628 CRITICAL
Gardyn Home Kit Firmware < master.619 - Exposure of Sensitive Information via Insecure HTTP Connection
CVSS 9.4
CVE-2025-3508 MEDIUM
HP DesignJet Firmware - Unauthenticated Exposure of Sensitive Print Job Information
CVSS 6.5
CVE-2025-30086 MEDIUM
CNCF Harbor <2.13.1-2.12.4 - Info Disclosure
CVSS 4.9
CVE-2025-31955 HIGH
HCL iAutomate - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.6
CVE-2025-7780 MEDIUM
WordPress AI Engine <2.9.4 - Info Disclosure
CVSS 6.5
CVE-2025-8039 HIGH
Firefox < 141.0 and Thunderbird < 141.0 - Exposure of Sensitive Information via URL Bar Search Term Persistence
CVSS 8.1
CVE-2025-6082 MEDIUM
Birth Chart Compatibility <2.0 - Info Disclosure
CVSS 5.3
CVE-2025-52372 MEDIUM
hMailServer 5.8.6 - Exposure of Sensitive Information via Installation Files
CVSS 5.1
CVE-2025-7919 MEDIUM
WinMatrix3 Web package < 1.2.39.5 - Unauthenticated SQL Injection
CVSS 6.5
CVE-2025-46382 MEDIUM
Product Version - Info Disclosure
CVSS 5.3