CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-11292 MEDIUM
WP Private Content Plus <3.6.1 - Info Disclosure
CVSS 5.3
CVE-2024-54134 HIGH
solana/web3.js 1.95.6-1.95.7 - Exposure of Sensitive Private Key Material via Compromised Publish Access
CVE-2024-53862 HIGH
Argo Workflows 3.5.7-3.5.12 - Unauthenticated Workflow Archive Access via Spoofed Token
CVSS 7.5
CVE-2024-11961 MEDIUM
Guangzhou Huayi Intelligent Technology Jeewms 3.7 - Info Disclosure
CVSS 5.3
CVE-2024-53859 MEDIUM
go-gh - Info Disclosure
CVSS 6.5
CVE-2024-53858 MEDIUM
GitHub CLI < 2.63.0 - Authentication Token Exposure via Submodule Clone Commands
CVSS 6.5
CVE-2024-52323 HIGH
Zohocorp ManageEngine Analytics Plus <6100 - Info Disclosure
CVSS 8.1
CVE-2024-11083 MEDIUM
ProfilePress <= 4.15.18 - Unauthenticated Sensitive Information Exposure via WordPress Core Search
CVSS 5.3
CVE-2024-8899 MEDIUM
Jeg Elementor Kit <= 2.6.9 - Authenticated Sensitive Information Exposure via Tabs View Render Function
CVSS 4.3
CVE-2024-11265 MEDIUM
Increase Maximum Upload File Size <= 1.1.3 - Authenticated Full Path Disclosure
CVSS 4.3
CVE-2024-7391 MEDIUM
ChargePoint Home Flex Firmware - Unauthenticated Sensitive Information Exposure via Bluetooth Low Energy Wi-Fi Setup
CVSS 5.7
CVE-2024-38647 HIGH
QNAP AI Core <3.4.1 - Info Disclosure
CVSS 7.5
CVE-2024-8929 MEDIUM
PHP 8.1.0-8.1.30 - Out-of-bounds Read via MySQL Client Heap Disclosure
CVSS 5.8
CVE-2024-11089 MEDIUM
Anonymous Restricted Content <= 1.6.5 - Unauthenticated Sensitive Information Exposure via WordPress Core Search
CVSS 5.3
CVE-2024-11088 MEDIUM
Simple Membership < 4.5.5 - Unauthenticated Sensitive Information Exposure via WordPress Core Search
CVSS 5.3
CVE-2024-9542 MEDIUM
Sky Addons for Elementor < 2.6.1 - Authenticated Sensitive Information Exposure via Content Switcher Render Function
CVSS 4.3
CVE-2024-10316 MEDIUM
Stratum - Elementor Widgets <1.4.4 - Info Disclosure
CVSS 4.3
CVE-2024-51163 HIGH
Vegam Solutions Vegam 4i <6.3.47.0 - Info Disclosure
CVSS 7.5
CVE-2024-10365 MEDIUM
The Plus Addons for Elementor < 6.0.3 - Authenticated Sensitive Information Exposure via Widget Render Function
CVSS 4.3
CVE-2024-52506 MEDIUM
Graylog 6.1.0-6.1.1 - Authenticated Information Disclosure via Concurrent Report Rendering
CVSS 6.5
CVE-2024-43416 HIGH
GLPI 0.80-10.0.16 - Unauthenticated User Email Enumeration via Application Endpoint
CVSS 7.5
CVE-2024-45791 HIGH
Apache HertzBeat < 1.6.1 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.5
CVE-2024-52513 LOW
Nextcloud Server 25.0.0-25.0.13.13 and 28.0.0-28.0.11 - Unauthorized Attachment Download via Text File References
CVSS 2.6
CVE-2024-52508 HIGH
Nextcloud Mail 1.9.0-1.14.5 - Unauthenticated Exposure of Sensitive Information via Auto-Configuration Request
CVSS 8.2
CVE-2024-52523 MEDIUM
Nextcloud Server 25.0.0-25.0.13.14 and 28.0.0-28.0.12 - Information Disclosure via External Storage Credential Exposure
CVSS 4.6