CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

9,867 vulnerabilities with CWE-200
CVE-2026-28820 MEDIUM
macOS <26.4 - Info Disclosure
CVSS 5.3
CVE-2026-33353 MEDIUM
Soft Serve: Authenticated repo import can clone server-local private repositories
CVSS 6.5
CVE-2026-33627 MEDIUM
Parse Server: Auth data exposed via /users/me endpoint
CVSS 6.5
CVE-2026-33161 MEDIUM
Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users
CVSS 4.3
CVE-2026-33677 MEDIUM
Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
CVSS 6.5
CVE-2026-4712 HIGH
Information disclosure in the Widget: Cocoa component
CVSS 7.5
CVE-2026-4733 MEDIUM
Information disclosure in ixray-1.6-stcop
CVSS 5.3
CVE-2026-23486 MEDIUM
Blinko: Unauthorized User Information Leak
CVSS 5.3
CVE-2026-27131 MEDIUM
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
CVSS 5.5
CVE-2026-33422 LOW
Discourse exposes ip_address of flagged user
CVSS 3.5
CVE-2026-33180 HIGH
HAPI FHIR HTTP authentication leak in redirects
CVSS 7.5
CVE-2026-33041 MEDIUM
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
CVSS 5.3
CVE-2026-32938 CRITICAL
SiYuan has an Arbitrary File Read in its Desktop Publish Service
CVSS 9.9
CVE-2026-32890 CRITICAL
Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config
CVSS 9.6
CVE-2026-31869 MEDIUM
Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check
CVSS 4.3
CVE-2026-30891 MEDIUM
Discourse has Unauthorized Exposure of Private User Action Types
CVSS 6.5
CVE-2026-29108 MEDIUM
Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User
CVSS 6.5
CVE-2026-33394 LOW
Discourse leaks PM post edits to moderators
CVSS 2.7
CVE-2026-33355 MEDIUM
Discourse filters whisper posts from private-posts feed
CVSS 6.5
CVE-2026-32099 MEDIUM
Discourse prevents hidden profile data leak via user onebox
CVSS 4.3
CVE-2026-32002 MEDIUM
OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass
CVSS 5.3
CVE-2026-23659 HIGH
Azure Data Factory Information Disclosure Vulnerability
CVSS 8.6
CVE-2026-32865 CRITICAL
OPEXUS eComplaint and eCase insecure password reset
CVSS 9.8
CVE-2026-2571 MEDIUM
Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter
CVSS 4.3
CVE-2026-33163 MEDIUM
Parse Server leaks protected fields via LiveQuery afterEvent trigger
CVSS 6.5
Details
Vulnerabilities 9,867
Exploit Likelihood High