CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2025-25942 MEDIUM
Bento4 1.6.0-641 - Exposure of Sensitive Information via mp4fragment Tool
CVSS 6.5
CVE-2025-20158 MEDIUM
Cisco Video Phone 8875-9800 Series - Info Disclosure
CVSS 4.4
CVE-2025-25468 MEDIUM
FFmpeg < 2025-01-13 - Memory Leak in libavutil/mem.c
CVSS 6.5
CVE-2025-26604 HIGH
Discord-Bot-Framework-Kernel - Code Injection
CVSS 8.3
CVE-2025-22961 HIGH
GatesAir Maxiva UAXT/VAXT - Info Disclosure
CVSS 8.0
CVE-2025-22960 HIGH
GatesAir Maxiva UAXT/VAXT - Info Disclosure
CVSS 8.0
CVE-2025-25281 HIGH
Outbackpower Outback Power Mojave Inverter OHGI8048A Firmware - Information Disclosure
CVSS 7.5
CVE-2025-25195 MEDIUM
Zulip - Unauthorized Exposure of Private Channel Names via Inactive Channel Event Notification
CVSS 4.3
CVE-2025-24408 MEDIUM
Adobe Commerce <= 2.4.8-beta1 - Information Exposure
CVSS 6.5
CVE-2025-0525 HIGH
Octopus Server 2020.6.4592-2024.3.13007 - Unauthorized File Existence Disclosure via Preview Import Feature
CVSS 7.5
CVE-2025-1115 LOW
RT-Thread < 5.1.0 - Information Disclosure via sys_* functions
CVSS 3.3
CVE-2025-20207 MEDIUM
Cisco Secure Email/Web Appliance - Info Disclosure
CVSS 4.3
CVE-2025-24373 MEDIUM
WooCommerce PDF Invoices & Packing Slips < 4.0.0 - Unauthorized PDF Document Access via URL Parameter Tampering
CVSS 6.5
CVE-2025-24899 HIGH
reNgine < 2.2.0 - Authenticated Exposure of Sensitive User Information via /api/listVulnerability/
CVSS 7.5
CVE-2025-22918 HIGH
Polycom RealPresence Group 500 <=20 - Info Disclosure
CVSS 7.5
CVE-2025-23215 CRITICAL
PMD and PMD Designer - Exposure of Sensitive Information via Release Signing Key Passphrase
CVE-2025-24886 HIGH
pwn.college dojo - Symlink Local File Inclusion
CVSS 7.7
CVE-2025-23216 MEDIUM
Argo CD < 2.11.13, 2.13.0-2.13.4 - Sensitive Information Exposure in Error Messages and Diff View
CVSS 6.8
CVE-2025-24884 MEDIUM
kube-audit-rest <1.0.16 - Info Disclosure
CVE-2025-23212 HIGH
Tandoor Recipes < 1.5.28 - Unauthenticated Sensitive Information Exposure via External Storage Feature
CVSS 7.7
CVE-2025-0659 HIGH
Rockwell Automation DataEdge Platform - Path Traversal
CVE-2025-24174 HIGH
macOS < 13.7.3, < 14.7.3, < 15.3 - Privacy Preferences Bypass
CVSS 7.7
CVE-2025-24146 CRITICAL
macOS < 13.7.3, < 14.7.3, < 15.3 - Unprotected User Contact Information Exposure via Messages Conversation Deletion
CVSS 9.8
CVE-2025-24138 MEDIUM
macOS < 13.7.3, < 14.7.3, < 15.3 - Unprotected User Data Exposure
CVSS 5.5
CVE-2025-24134 MEDIUM
macOS < 15.3 - Unprotected User Data Exposure
CVSS 5.5
Details
Vulnerabilities 10,129
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits