CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,109 vulnerabilities with CWE-200
CVE-2025-7874 MEDIUM
MetaCRM < 6.4.2 - Information Disclosure via /env.jsp
CVSS 5.3
CVE-2025-7394 CRITICAL
wolfssl 3.15.0-5.8.0 - Use of Cryptographically Weak Pseudo-Random Number Generator via RAND_bytes() After fork()
CVSS 9.8
CVE-2025-50708 HIGH
Perplexity AI GPT-4 <2.51.0 - Info Disclosure
CVSS 7.5
CVE-2025-3415 MEDIUM
Grafana 10.4.x-12.0.x Unauthorized Sensitive Information Exposure via DingDing Alerting
CVSS 4.3
CVE-2025-34130 HIGH
LILIN DVR <2.0b60_20200207 - Info Disclosure
CVE-2025-53840 LOW
Icinga DB Web <1.2.2 - Info Disclosure
CVSS 2.4
CVE-2025-22227 MEDIUM
Reactor Netty HTTP Client - Credential Leak via Chained Redirects
CVSS 6.1
CVE-2025-30758 MEDIUM
Oracle Siebel CRM Deployment 25.0-25.5 - Unauthenticated Exposure of Sensitive Information via User Interface
CVSS 5.3
CVE-2025-53887 MEDIUM
Directus 9.0.0-11.8.0 - Unauthenticated Exposure of Sensitive Version Information via OpenAPI Spec Endpoint
CVSS 5.3
CVE-2025-53886 MEDIUM
Directus 9.0.0-11.8.0 - Sensitive Information Exposure in WebHook Flow Logs
CVSS 4.5
CVE-2025-53640 MEDIUM
Indico 2.2-3.3.6 - Unauthenticated User Information Disclosure via User Detail Endpoint
CVSS 6.5
CVE-2025-7573 MEDIUM
LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000 < 20250702 - Information Disclosure
CVSS 5.3
CVE-2025-7572 MEDIUM
LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000 < 20250702 - Information Disclosure
CVSS 5.3
CVE-2025-7565 MEDIUM
LB-LINK BL-AC3600 <1.0.22 - Info Disclosure
CVSS 5.3
CVE-2025-6745 MEDIUM
Woodmart < 8.2.5 - Unauthenticated Exposure of Sensitive Information via woodmart_get_posts_by_query()
CVSS 5.3
CVE-2025-4593 MEDIUM
WP Register Profile With Shortcode <3.6.2 - Info Disclosure
CVSS 6.5
CVE-2025-34098 HIGH
Riverbed SteelHead VCX <9.6.0a - Path Traversal
CVE-2025-52473 MEDIUM
liboqs < 0.14.0 - Exposure of Sensitive Information via Secret-Dependent Branches in HQC Key Encapsulation
CVSS 5.9
CVE-2025-53624 CRITICAL
Docusaurus-plugin-content-gists <4.0.0 - Info Disclosure
CVSS 10.0
CVE-2025-53512 MEDIUM
Juju < 2.9.52 - Unauthenticated Sensitive Information Exposure via /log Endpoint
CVSS 6.5
CVE-2025-49671 MEDIUM
Windows Server 2008/2012/2016/2019/2022/2025 Information Disclosure via RRAS
CVSS 6.5
CVE-2025-49664 MEDIUM
Windows User-Mode Driver Framework Host - Information Disclosure
CVSS 5.5
CVE-2025-48808 MEDIUM
Windows Kernel - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.5
CVE-2025-47980 MEDIUM
Windows 10/11, Server 2008 Imaging Component Unauthorized Information Disclosure
CVSS 6.2
CVE-2025-20325 LOW
Splunk Enterprise <9.4.3, 9.3.5, 9.2.7, 9.1.10 - Info Disclosure
CVSS 3.1