CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,119 vulnerabilities with CWE-200
CVE-2025-30702 MEDIUM
Oracle Fleet Patching and Provisioning 19.3-19.26 - Unauthenticated Exposure of Sensitive Information via HTTP
CVSS 5.3
CVE-2025-27980 MEDIUM
cashbook 4.0.3 - Unauthenticated Arbitrary File Read via Invoice Parameter
CVSS 6.5
CVE-2025-31494 LOW
AutoGPT Platform < 0.6.1 - Unauthorized Data Access via WebSocket API Subscription
CVSS 3.5
CVE-2025-31491 HIGH
AutoGPT < 0.6.1 - Open Redirect via Request Wrapper
CVSS 8.6
CVE-2025-2881 MEDIUM
Developer Toolbar <= 1.0.3 - Unauthenticated Sensitive Information Exposure via phpinfo.php Script
CVSS 5.3
CVE-2025-2841 MEDIUM
Cart66 Cloud <2.3.7 - Info Disclosure
CVSS 5.3
CVE-2025-32080 MEDIUM
Mediawiki - Mobile Frontend Extension <1.44 - Info Disclosure
CVE-2025-23387 MEDIUM
Rancher 2.8.0-2.8.12, 2.9.0-2.9.6, 2.10.0-2.10.2 - Unauthenticated Sensitive Info Exposure via CLI
CVSS 5.3
CVE-2025-32700 LOW
Wikimedia Foundation AbuseFilter <1.43.1 - Info Disclosure
CVE-2025-32698 LOW
MediaWiki <1.39.12, 1.42.6, 1.43.1 - Info Disclosure
CVE-2025-32395 MEDIUM
NPM Vite < 6.2.6 - Information Disclosure
CVE-2025-30654 MEDIUM
Junos OS & Junos OS Evolved < Multiple Versions - Authenticated Sensitive Information Exposure via 'show mgd' Command
CVSS 5.5
CVE-2025-30291 MEDIUM
ColdFusion <2023.12, 2021.18, 2025.0 - Info Disclosure
CVSS 5.5
CVE-2025-29805 HIGH
Outlook for Android < 4.2509.0 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.5
CVE-2025-27736 MEDIUM
Windows Power Dependency Coordinator - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.5
CVE-2025-26667 MEDIUM
Windows Server RRAS Unauthenticated Information Disclosure
CVSS 6.5
CVE-2025-2883 MEDIUM
Contact Form 7 <2.0 - Info Disclosure
CVSS 5.3
CVE-2025-2882 MEDIUM
GreenPay(tm) by Green.Money 3.0.0-3.0.9 - Unauthenticated Sensitive Information Exposure via phpinfo.php
CVSS 5.3
CVE-2025-3403 LOW
Vivotek NVR <4.2.0.101 - Info Disclosure
CVSS 2.7
CVE-2025-31492 HIGH
mod_auth_openidc <2.4.16.11 - Info Disclosure
CVE-2025-31486 MEDIUM
Vite server.fs.deny Bypass - Local File Inclusion
CVSS 5.3
CVE-2025-31127 MEDIUM
Element X Android <25.03.3 - Info Disclosure
CVSS 5.3
CVE-2025-31126 MEDIUM
Element X iOS <25.03.7 - Info Disclosure
CVSS 5.3
CVE-2025-30218 MEDIUM
Next.js <12.3.6, <13.5.10, <14 - SSRF
CVSS 5.9
CVE-2025-2842 MEDIUM
Tempo Operator - Privilege Escalation
CVSS 4.3
Details
Vulnerabilities 10,119
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits