CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,081 vulnerabilities with CWE-200
CVE-2026-8706 MEDIUM
Sensitive user data could be leaked to other applications through Reader mode
CVSS 6.5
CVE-2026-8967 HIGH
Information disclosure in the Graphics: WebGPU component
CVSS 7.5
CVE-2026-8966 HIGH
Firefox < 151.0.0 and Thunderbird < 151.0.0 - Information Disclosure in IP Protection Component
CVSS 7.5
CVE-2026-8965 HIGH
Information disclosure in the DOM: Security component
CVSS 7.5
CVE-2026-31909 HIGH
Apache OFBiz: Unauthenticated Shipment Label Image Disclosure
CVSS 7.5
CVE-2026-44408 MEDIUM
Unauthorized access vulnerability in ZTE MU5250
CVSS 6.3
CVE-2026-32244 MEDIUM
Discourse: Cached outdated summaries can leak removed content
CVSS 5.3
CVE-2026-27892 MEDIUM
FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
CVSS 6.5
CVE-2026-39079 HIGH
prestashop upsshipping <=2.4.0 - Info Disclosure
CVSS 7.5
CVE-2026-6347 HIGH
Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets
CVSS 7.6
CVE-2026-6346 HIGH
Sensitive credentials exposed in plaintext in Mattermost support packets
CVSS 8.7
CVE-2026-8766 MEDIUM
Kilo-Org kilocode Environment Variable config.ts load information disclosure
CVSS 4.3
CVE-2026-8750 MEDIUM
h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure
CVSS 5.3
CVE-2026-45351 MEDIUM
Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]
CVSS 6.5
CVE-2026-45387 MEDIUM
Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
CVSS 4.3
CVE-2026-45539 HIGH
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
CVSS 7.4
CVE-2026-41960 MEDIUM
Huawei HarmonyOS/EMUI < 4.3.1 Unauthorized Sensitive Information Exposure
CVSS 5.8
CVE-2026-27886 HIGH
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
CVSS 7.5
CVE-2026-41615 CRITICAL
Microsoft Authenticator Information Disclosure Vulnerability
CVSS 9.6
CVE-2026-42283 HIGH
DevSpace UI Server WebSocket CheckOrigin does not validate source
CVSS 7.7
CVE-2026-0245 MEDIUM
Prisma Access Agent: Information Disclosure Vulnerabilities
CVE-2026-44479 MEDIUM
Vercel: Non-interactive mode includes CLI arguments in suggested command output
CVSS 5.5
CVE-2026-44431 MEDIUM
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
CVSS 5.3
CVE-2026-41954 MEDIUM
F5 - iControl REST and Tmsh Vulnerability
CVSS 4.9
CVE-2026-41610 MEDIUM
Visual Studio Code Security Feature Bypass Vulnerability
CVSS 6.3