CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,119 vulnerabilities with CWE-200
CVE-2025-4659 MEDIUM
WordPress Plugin <1.4.4 - Info Disclosure
CVSS 5.3
CVE-2025-31231 MEDIUM
macOS < 15.4 - Unauthorized Sensitive Location Information Exposure
CVSS 5.5
CVE-2025-47288 LOW
Discourse Policy <0.1.1 - Info Disclosure
CVSS 3.5
CVE-2025-5334 HIGH
Devolutions Remote Desktop Manager < 2025.1.34.0 - Unauthorized Access to Private Information via User Vaults
CVSS 7.5
CVE-2025-5281 MEDIUM
Google Chrome < 137.0.7151.55 - Exposure of Sensitive Information via BFCache
CVSS 5.4
CVE-2025-5064 MEDIUM
Google Chrome <137.0.7151.55 - Info Disclosure
CVSS 5.4
CVE-2025-5266 MEDIUM
Firefox < 128.11.0, 128.11-128.*, < 139.0, >=139 Sensitive Info Exposure via Cross-Origin Script Load Events
CVSS 4.3
CVE-2025-5184 MEDIUM
Summer Pearl Group Vacation Rental Management Platform < 1.0.2 - Information Disclosure via HTTP Response Header
CVSS 4.3
CVE-2025-5098 CRITICAL
PrinterShare < 12.15.01 - Unauthorized Gmail Token Exposure
CVSS 9.1
CVE-2025-48064 LOW
GitHub Desktop <3.4.20-beta3 - Info Disclosure
CVSS 3.3
CVE-2025-4980 MEDIUM
Netgear DGND3700 1.1.00.15_1.00.15NA - Information Disclosure via currentsetting.htm
CVSS 5.3
CVE-2025-4977 MEDIUM
Netgear DGND3700 1.1.00.15_1.00.15NA - Information Disclosure in BRS_top.html
CVSS 5.3
CVE-2025-41230 HIGH
VMware Cloud Foundation - Info Disclosure
CVSS 7.5
CVE-2025-4904 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure in /H5/webgl.data
CVSS 5.3
CVE-2025-4902 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via versionupdate.data
CVSS 5.3
CVE-2025-4901 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via state_view.data Endpoint
CVSS 4.3
CVE-2025-4753 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via /login.data
CVSS 5.3
CVE-2025-4752 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via /install_base.data
CVSS 5.3
CVE-2025-4751 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via /index.data
CVSS 5.3
CVE-2025-4750 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure in Configuration Handler
CVSS 5.3
CVE-2025-25370 MEDIUM
realme GT 2 (RMX3311) - Unauthorized Sensitive Information Exposure via Show App Only Setting
CVSS 4.6
CVE-2025-26864 HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
CVSS 7.5
CVE-2025-26795 HIGH
Apache IoTDB JDBC Driver 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via Log File Insertion
CVSS 7.5
CVE-2025-22895 MEDIUM
Intel(R) Tiber Edge Platform - Info Disclosure
CVSS 5.5
CVE-2025-20624 MEDIUM
Edge Orchestrator - Info Disclosure
CVSS 5.7
Details
Vulnerabilities 10,119
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits