CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-11295 MEDIUM
Simple Page Access Restriction <1.0.29 - Info Disclosure
CVSS 5.3
CVE-2024-12250 MEDIUM
Accept Authorize.NET Payments Using Contact Form 7 <2.2 - Info Disc...
CVSS 5.3
CVE-2024-10356 MEDIUM
ElementsReady Addons for Elementor <= 6.4.8 - Authenticated Sensitive Information Exposure in Accordion Widget
CVSS 4.3
CVE-2024-11280 MEDIUM
PPWP - Password Protect Pages <= 1.9.5 - Unauthenticated Sensitive Information Exposure via WordPress Core Search
CVSS 5.3
CVE-2024-8326 HIGH
s2Member < 241114 - Authenticated Sensitive Information Exposure via sc_get_details Function
CVSS 8.8
CVE-2024-11294 MEDIUM
Memberful plugin <1.73.9 - Info Disclosure
CVSS 5.3
CVE-2024-35230 MEDIUM
GeoServer 2.0.0-2.25.0 - Information Disclosure via Version and Revision Data
CVSS 5.3
CVE-2024-55951 MEDIUM
Metabase <1.52.2.4 - Info Disclosure
CVE-2024-12578 MEDIUM
Tickera - WordPress Event Ticketing <3.5.4.8 - Info Disclosure
CVSS 5.3
CVE-2024-55946 HIGH
Playloom Engine <0.0.1 - Info Disclosure
CVE-2024-9945 MEDIUM
Fortra's GoAnywhere MFT <7.7.0 - Info Disclosure
CVSS 5.3
CVE-2024-55875 CRITICAL
http4k-format-xml 5.0.0.0-5.41.0.0 - XML External Entity Injection
CVSS 9.8
CVE-2024-54119 MEDIUM
HarmonyOS - Exposure of Sensitive Information via UIExtension Module
CVSS 6.2
CVE-2024-54117 MEDIUM
HarmonyOS - Exposure of Sensitive Information via UIExtension Module
CVSS 6.2
CVE-2024-12564 MEDIUM
Open Design Alliance CDE inWEB SDK <2025.3 - Info Disclosure
CVE-2024-12329 MEDIUM
Essential Real Estate < 5.1.6 - Authenticated Unauthorized Data Access via Missing Capability Check
CVSS 4.3
CVE-2024-12255 MEDIUM
Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure via cf7sa-info.php
CVSS 5.3
CVE-2024-11351 MEDIUM
WordPress Restrict <2.2.8 - Info Disclosure
CVSS 5.3
CVE-2024-11008 MEDIUM
The Members - Membership & User Role Editor Plugin <3.2.10 - Info D...
CVSS 5.3
CVE-2024-53245 LOW
Splunk Enterprise <9.1.7, 9.2.4, 9.3.0 & Splunk Cloud <9.1.2312.206 - Unauthorized Dashboard Info Exposure
CVSS 3.1
CVE-2024-53244 MEDIUM
Splunk < 9.1.7 - Information Disclosure
CVSS 5.7
CVE-2024-53243 MEDIUM
Splunk Enterprise <9.3.2, 9.2.4, 9.1.7 - Info Disclosure
CVSS 4.3
CVE-2024-11106 MEDIUM
Simple Restrict <1.2.7 - Info Disclosure
CVSS 5.3
CVE-2024-54151 HIGH
Directus <11.3.0 - Privilege Escalation
CVSS 7.5
CVE-2024-54137 HIGH
liboqs < 0.12.0 - Exposure of Sensitive Information via HQC Key Encapsulation Indexing Error
CVSS 7.4