CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,127 vulnerabilities with CWE-200
CVE-2025-29488 MEDIUM
libming 0.4.8 - Memory Leak in parseSWF_INITACTION
CVSS 6.5
CVE-2025-29486 MEDIUM
libming 0.4.8 - Memory Leak in parseSWF_PLACEOBJECT3
CVSS 6.5
CVE-2025-20232 MEDIUM
Splunk Enterprise <9.3.3, 9.2.5, 9.1.8 - Privilege Escalation
CVSS 5.7
CVE-2025-20226 MEDIUM
Splunk <9.4.1, 9.3.3, 9.2.5, 9.1.8 - Privilege Escalation
CVSS 5.7
CVE-2025-26009 HIGH
Telesquare TLR-2005KSH 1.1.4 - Information Disclosure via systemutilit.cgi
CVSS 7.5
CVE-2025-26001 HIGH
Telesquare TLR-2005KSH 1.1.4 - Information Disclosure via getUserNamePassword Parameter
CVSS 7.5
CVE-2025-30353 HIGH
Directus 9.12.0-11.4.9 - Exposure of Sensitive Information via Webhook Flow ValidationError
CVSS 8.6
CVE-2025-30352 MEDIUM
Directus 9.0.0-alpha.4-11.4.9 - Unauthorized Sensitive Information Exposure via Search Query Parameter
CVSS 5.3
CVE-2025-23203 MEDIUM
Icinga Director <1.10.4-1.11.4 - Info Disclosure
CVSS 5.5
CVE-2025-2228 MEDIUM
Responsive Addons for Elementor < 1.6.9 - Sensitive Information Exposure via Registration Email
CVSS 5.7
CVE-2025-30222 LOW
shescape 1.7.2-2.1.1 - Environment Variable Exposure on Windows via CMD Shell
CVE-2025-30214 HIGH
Frappe <14.89.0-15.51.0 - Info Disclosure
CVSS 7.5
CVE-2025-2252 MEDIUM
Easy Digital Downloads <= 3.3.6.1 - Unauthenticated Sensitive Information Exposure via edd_ajax_get_download_title
CVSS 5.3
CVE-2025-30208 MEDIUM
Vite - Arbitrary File Read
CVSS 5.3
CVE-2025-30474 MEDIUM
Apache Commons VFS <2.10.0 - Info Disclosure
CVSS 5.0
CVE-2025-2331 MEDIUM
GiveWP <= 3.22.1 - Authenticated Sensitive Information Exposure
CVSS 5.3
CVE-2025-27785 HIGH
Applio < 3.2.8-bugfix - Arbitrary File Read via train.py export_index Function
CVSS 7.5
CVE-2025-27784 HIGH
Applio < 3.2.8-bugfix - Arbitrary File Read via export_pth Function
CVSS 7.5
CVE-2025-26485 MEDIUM
Beta80 Life <1.5.2.14234 - Info Disclosure
CVSS 5.8
CVE-2025-29781 MEDIUM
Bare Metal Operator < 0.8.1 and 0.9.0 - Unauthorized Secret Access via BMCEventSubscription
CVSS 6.5
CVE-2025-2348 MEDIUM
Iroadau Fx2 Firmware < 2025-03-08 - Information Disclosure
CVSS 4.3
CVE-2025-2277 HIGH
Devolutions Server < 2025.1.3.0 - Password Exposure in Web-Based SSH Authentication
CVSS 7.5
CVE-2025-1636 MEDIUM
Devolutions Remote Desktop Manager < 2024.3.31.0 - Sensitive Information Exposure via Password History
CVSS 6.5
CVE-2025-1635 MEDIUM
Devolutions Remote Desktop Manager < 2024.3.31.0 - Exposure of Sensitive Information via Hub Data Source Export
CVSS 6.5
CVE-2025-25975 HIGH
parse-git-config 3.0.0 - Exposure of Sensitive Information via expandKeys Function
CVSS 7.5