CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,119 vulnerabilities with CWE-200
CVE-2025-4593 MEDIUM
WP Register Profile With Shortcode <3.6.2 - Info Disclosure
CVSS 6.5
CVE-2025-34098 HIGH
Riverbed SteelHead VCX <9.6.0a - Path Traversal
CVE-2025-52473 MEDIUM
liboqs < 0.14.0 - Exposure of Sensitive Information via Secret-Dependent Branches in HQC Key Encapsulation
CVSS 5.9
CVE-2025-53624 CRITICAL
Docusaurus-plugin-content-gists <4.0.0 - Info Disclosure
CVSS 10.0
CVE-2025-53512 MEDIUM
Juju < 2.9.52 - Unauthenticated Sensitive Information Exposure via /log Endpoint
CVSS 6.5
CVE-2025-49671 MEDIUM
Windows Server 2008/2012/2016/2019/2022/2025 Information Disclosure via RRAS
CVSS 6.5
CVE-2025-49664 MEDIUM
Windows User-Mode Driver Framework Host - Information Disclosure
CVSS 5.5
CVE-2025-48808 MEDIUM
Windows Kernel - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.5
CVE-2025-47980 MEDIUM
Windows 10/11, Server 2008 Imaging Component Unauthorized Information Disclosure
CVSS 6.2
CVE-2025-20325 LOW
Splunk Enterprise <9.4.3, 9.3.5, 9.2.7, 9.1.10 - Info Disclosure
CVSS 3.1
CVE-2025-34072 CRITICAL
Anthropic's Slack Model Context Protocol Server - Info Disclosure
CVE-2025-49741 HIGH
Microsoft Edge Chromium < 135.0.3179.98 - Unauthenticated Information Disclosure
CVSS 7.4
CVE-2025-6600 MEDIUM
GitHub Enterprise Server 3.17.0-3.17.1 - Exposure of Private Repository Names via Search API
CVSS 4.3
CVE-2025-34064 CRITICAL
OneLogin AD Connector - Info Disclosure
CVE-2025-34062 MEDIUM
OneLogin AD Connector <6.1.5 - Info Disclosure
CVE-2025-34059 HIGH
Dahua Smart Cloud Gateway Registration Management Platform - SQL In...
CVE-2025-34051 MEDIUM
AVTECH DVR - Server-Side Request Forgery
CVE-2025-53003 HIGH
jans-config-api-server < 1.8.0 - Unauthenticated Exposure of Sensitive Information via Missing Scope Verification
CVE-2025-52898 HIGH
frappe < 14.94.3 - Unauthorized Password Reset Token Access
CVSS 8.8
CVE-2025-49845 HIGH
Discourse < 3.4.6 - Exposure of Sensitive Information via Whisper Post Visibility
CVSS 7.5
CVE-2025-27827 HIGH
Mitel MiContact Center Business <10.2.0.3 - Info Disclosure
CVSS 7.1
CVE-2025-6432 HIGH
Firefox < 140.0 - DNS Proxy Bypass via Invalid Domain or Unresponsive SOCKS Proxy
CVSS 8.6
CVE-2025-6425 MEDIUM
Firefox < 115.25.0, 115.25-115.*, 128.12-128.*, >=140 - Exposure of Sensitive Information via WebCompat Extension
CVSS 4.3
CVE-2025-39204 MEDIUM
MicroSCADA X SYS600 10.0-10.7 - Exposure of Sensitive Information via Web Interface Query Filtering
CVSS 6.5
CVE-2025-27387 HIGH
ColorOS - Exposure of Sensitive Information via Weak WiFi Hotspot Password
CVSS 7.4