CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-56197 LOW
Discourse - Unauthorized Exposure of PM Titles and Metadata via PM Tags Feature
CVSS 2.2
CVE-2024-56902 HIGH
Geovision GV-ASManager <6.1.0.0 - Info Disclosure
CVSS 7.5
CVE-2024-34897 HIGH
Nedis SmartLife <1.4.0 - Info Disclosure
CVSS 7.5
CVE-2024-11741 MEDIUM
Grafana 10.4.0-10.4.14, 11.1.0-11.1.10, 11.2.0-11.2.5, 11.3.0-11.3.2, 11.4.0 - VictorOps Credential Exposure
CVSS 4.3
CVE-2024-13623 MEDIUM
WooCommerce Order Export <3.24 - Info Disclosure
CVSS 5.9
CVE-2024-23962 MEDIUM
Alpine Halo9 ilx-f509 Firmware - Unauthenticated Sensitive Information Exposure via DLT Interface
CVSS 5.3
CVE-2024-23937 MEDIUM
Silicon Labs Gecko OS - Unauthenticated Sensitive Information Exposure via Debug Interface Format String
CVSS 4.3
CVE-2024-8494 MEDIUM
Elementor Website Builder Pro <3.25.10 - Info Disclosure
CVSS 4.3
CVE-2024-48310 HIGH
AutoLib Software Systems OPAC <20.10 - Info Disclosure
CVSS 7.5
CVE-2024-54550 MEDIUM
iPadOS < 18.2 - Unauthorized Exposure of Autocompleted Contact Information in System Logs
CVSS 4.0
CVE-2024-54547 MEDIUM
macOS < 13.7.2, < 14.7.2, < 15.2 - Unprotected User Data Exposure
CVSS 5.5
CVE-2024-54475 LOW
macOS < 13.7.2, < 14.7.2, < 15.2 - Unprotected User Location Exposure via Log Entries
CVSS 3.3
CVE-2024-11090 MEDIUM
Membership Plugin - Restrict Content <= 3.2.13 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2024-13562 HIGH
Import WP <= 2.14.5 - Unauthenticated Sensitive Information Exposure
CVSS 7.5
CVE-2024-52975 CRITICAL
Elastic Fleet Server 8.13.0-8.14.2 - Sensitive Information Exposure via Log Files
CVSS 9.0
CVE-2024-43707 HIGH
Kibana 8.7.0-8.14.3 - Unauthorized Exposure of Elastic Agent Policy Information
CVSS 7.7
CVE-2024-49734 HIGH
Android - VPN Site Information Disclosure via Wi-Fi AP Side Channel
CVSS 7.5
CVE-2024-49733 MEDIUM
ServiceListing.java - Info Disclosure
CVSS 5.5
CVE-2024-12142 HIGH
Schneider Electric Modicon M340 & BMXNOE0100/BMXNOE0110/BMXNOR0200H - DoS & Info Disclosure via Web Manipulation
CVSS 8.6
CVE-2024-12637 MEDIUM
Moving Users plugin <1.05 - Info Disclosure
CVSS 5.3
CVE-2024-56136 MEDIUM
Zulip Server 7.0-9.4 - Unauthenticated Email Address Enumeration
CVSS 5.3
CVE-2024-48125 HIGH
HI-SCAN 6040i Hitrax HX-03-19-I - Info Disclosure
CVSS 7.5
CVE-2024-50338 HIGH
Git Credential Manager < 2.6.1 - Credential Leak via CR Line Ending Mismatch
CVSS 7.4
CVE-2024-12008 MEDIUM
W3 Total Cache <= 2.8.1 - Unauthenticated Sensitive Information Exposure via Debug Log File
CVSS 5.3
CVE-2024-42179 LOW
HCL MyXalytics - Sensitive Information Exposure via HTTP Response Header
CVSS 2.0