CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-13546 MEDIUM
GenerateBlocks <1.9.1 - Info Disclosure
CVSS 4.3
CVE-2024-13611 HIGH
Better Messages < 2.6.9 - Unauthenticated Sensitive Information Exposure via Insecure File Storage
CVSS 7.5
CVE-2024-13911 HIGH
Database Backup <2.35 - Info Disclosure
CVSS 7.2
CVE-2024-13568 HIGH
Fluent Support < 1.8.6 - Unauthenticated Sensitive Information Exposure via Uploads Directory
CVSS 7.5
CVE-2024-13638 MEDIUM
Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure via Uploads Directory
CVSS 5.9
CVE-2024-13796 MEDIUM
Pickplugins Post Grid < 2.3.7 - Information Disclosure
CVSS 5.3
CVE-2024-38290 MEDIUM
Extreme Networks XIQ-SE < 24.2.11 - User Enumeration via Server Misconfiguration
CVSS 5.3
CVE-2024-12434 MEDIUM
SureMembers <1.10.6 - Info Disclosure
CVSS 5.3
CVE-2024-54961 MEDIUM
Nagios XI 2024R1.2.2 - Unauthenticated Exposure of Sensitive User Information
CVSS 6.5
CVE-2024-57716 HIGH
AutoQueryable 1.7.0 - Exposure of Sensitive Information via Unselectable Function
CVSS 7.5
CVE-2024-13622 HIGH
File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure via Uploads Directory
CVSS 7.5
CVE-2024-13609 MEDIUM
1 Click WordPress Migration Plugin < 2.2 - Unauthenticated Sensitive Information Exposure via class-ocm-backup.php
CVSS 5.9
CVE-2024-13525 MEDIUM
WooCommerce <2.9.4 - Info Disclosure
CVSS 6.5
CVE-2024-13641 MEDIUM
Return Refund and Exchange For WooCommerce < 4.4.6 - Sensitive Information Exposure
CVSS 5.9
CVE-2024-13606 HIGH
JS Help Desk < 2.8.8 - Unauthenticated Sensitive Information Exposure via jssupportticketdata Directory
CVSS 7.5
CVE-2024-51123 HIGH
Zertificon Z1 SecureMail <4.44.2-7240-debian12 - Info Disclosure
CVSS 7.5
CVE-2024-23563 LOW
HCL Connections Docs - Exposure of Sensitive Information via Improper Request Handling
CVSS 3.9
CVE-2024-13600 HIGH
Majestic Support < 1.0.5 - Unauthenticated Sensitive Information Exposure via Insecure Directory
CVSS 7.5
CVE-2024-44336 MEDIUM
AnkiDroid <2.17.6 - Info Disclosure
CVSS 5.3
CVE-2024-32037 NONE
GeoNetwork <4.2.10, <4.4.5 - Info Disclosure
CVE-2024-52966 LOW
Fortinet FortiAnalyzer 6.4.0-7.6.0 - Exposure of Sensitive Information via Filter Manipulation
CVSS 2.3
CVE-2024-46437 MEDIUM
Tenda W18E V16.01.0.8(1625) - Unauthenticated Sensitive Information Disclosure via getQuickCfgWifiAndLogin Function
CVSS 6.5
CVE-2024-55272 HIGH
Brainasoft Braina <2.8 - Info Disclosure
CVSS 7.5
CVE-2024-43779 HIGH
ClearML Enterprise Server 3.22.5-1533 - Information Disclosure via Vault API
CVSS 7.7
CVE-2024-13829 MEDIUM
Tripetto WordPress Form Builder Plugin < 8.0.8 - Unauthenticated Sensitive Information Exposure via attachments.php
CVSS 5.3