CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2025-24109 MEDIUM
macOS < 13.7.3, < 14.7.3, < 15.3 - Unprotected User Data Exposure via Downgrade Attack
CVSS 5.5
CVE-2025-24102 CRITICAL
iPadOS < 17.7.4 and macOS < 13.7.3, < 14.7.3, < 15.3 - Unauthorized Location Data Exposure
CVSS 9.8
CVE-2025-24360 MEDIUM
Nuxt Vite Builder 3.8.1-3.15.3 - Unauthenticated Exposure of Sensitive Information via Default CORS Settings
CVSS 5.3
CVE-2025-24363 MEDIUM
HL7 FHIR IG Publisher < 1.8.9 - Unauthorized Sensitive Information Exposure via Git Origin URL
CVSS 4.2
CVE-2025-22612 CRITICAL
Coolify < 4.0.0-beta.374 - Authenticated Private Key Exposure and Remote Command Execution
CVSS 10.0
CVE-2025-22607 MEDIUM
Coolify < 4.0.0-beta.361 - Authenticated Information Disclosure via GitHub/GitLab Configuration UUID
CVSS 5.5
CVE-2025-23047 MEDIUM
Cilium 1.14.0-1.14.7, 1.15.0-1.15.11, 1.16.0-1.16.4 - Unauthorized Sensitive Data Exposure via Insecure CORS Header
CVSS 6.5
CVE-2025-24011 MEDIUM
Umbraco CMS 14.0.0-14.3.1 - Unauthenticated User Enumeration via Management API Response Analysis
CVSS 5.3
CVE-2025-0318 MEDIUM
Ultimate Member <2.9.1 - Info Disclosure
CVSS 5.3
CVE-2025-0472 HIGH
PMB < 4.2.13 - Unrestricted File Upload and Information Exposure
CVSS 7.5
CVE-2025-0481 MEDIUM
D-Link DIR-878 1.03 - Info Disclosure
CVSS 5.3
CVE-2025-0441 MEDIUM
Google Chrome <132.0.6834.83 - Info Disclosure
CVSS 6.5
CVE-2025-23074 LOW
MediaWiki - SocialProfile Extension <1.39.11-1.42.2 - Info Disclosure
CVSS 2.4
CVE-2025-23073 LOW
Wikimedia Foundation MediaWiki - GlobalBlocking Extension - Info Di...
CVSS 3.5
CVE-2025-21308 MEDIUM
Windows 10/11, Server 2012/2016 - Sensitive Info Exposure via Theme Spoofing
CVSS 6.5
CVE-2025-21242 MEDIUM
Windows Kerberos - Information Disclosure
CVSS 5.9
CVE-2025-21214 MEDIUM
Windows BitLocker - Information Disclosure
CVSS 4.2
CVE-2025-22138 MEDIUM
codidact/qpixel <= 0.9.0 - Unauthenticated Exposure of Sensitive Information via Suggested Edit Queue
CVE-2025-22828 MEDIUM
Apache CloudStack >= 4.16.0.0 - Authenticated Exposure of Sensitive Information via Annotations API
CVSS 4.3
CVE-2025-0403 MEDIUM
1902756969 reggie 1.0 - Info Disclosure
CVSS 5.3
CVE-2025-21592 MEDIUM
Junos OS SRX Series Authenticated Sensitive Information Exposure via CLI Commands
CVSS 5.5
CVE-2025-21620 HIGH
deno_fetch < 0.204.0 and deno < 2.1.2 - Authorization Header Leak via Redirect Handling
CVSS 7.5
CVE-2025-21615 MEDIUM
AAT < 1.26 - Unauthorized Data Exfiltration via Malicious App
CVSS 5.5
CVE-2025-0227 MEDIUM
Tsinghua Unigroup Electronic Archives System 3.2.210802 - Info Disc...
CVSS 4.3
CVE-2025-0226 MEDIUM
Tsinghua Unigroup Electronic Archives System 3.2.210802 - Info Disc...
CVSS 4.3