CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-52517 MEDIUM
Nextcloud Server 25.0.0-25.0.13/28.0.0-28.0.11 - Sensitive Info Exposure via API
CVSS 4.6
CVE-2024-8979 HIGH
Essential Addons for Elementor < 6.0.9 - Authenticated Sensitive Information Exposure via Password Reset Email
CVSS 8.0
CVE-2024-8978 MEDIUM
Essential Addons for Elementor < 6.0.9 - Authenticated Sensitive Information Exposure via Login Register Form Widget
CVSS 5.7
CVE-2024-47915 HIGH
VaeMendis Ubooquity 2.1.2-2.1.4 - Exposure of Sensitive Information
CVSS 7.5
CVE-2024-48900 MEDIUM
Moodle 4.4.0-4.4.3 - Exposure of Sensitive Information via Badge Recipient Access Control
CVSS 4.3
CVE-2024-52297 CRITICAL
Tolgee 3.81.1 - Exposure of Sensitive Configuration Information
CVSS 9.8
CVE-2024-10971 MEDIUM
Devolutions Server < 2024.3.7.0 - Authenticated Sensitive Data Exposure via Password History Feature
CVSS 4.3
CVE-2024-46894 MEDIUM
SINEC INS < V1.0 SP2 Update 3 - Authenticated Information Disclosure and Configuration Modification via SFTP Users API
CVSS 6.3
CVE-2024-52032 MEDIUM
Mattermost <10.0.0-9.11.2 - Info Disclosure
CVSS 4.3
CVE-2024-10352 MEDIUM
Magical Addons For Elementor < 1.2.4 - Authenticated Sensitive Information Exposure via get_content_type Function
CVSS 4.3
CVE-2024-8756 MEDIUM
Quform - WordPress Form Builder <2.20.0 - Info Disclosure
CVSS 5.3
CVE-2024-10285 CRITICAL
CE21 Suite <2.2.0 - Info Disclosure
CVSS 9.8
CVE-2024-52001 MEDIUM
Combodo iTop <3.2.0 - Info Disclosure
CVSS 4.3
CVE-2024-48011 LOW
Dell PowerProtect DD < 7.7.5.50 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 3.1
CVE-2024-10965 MEDIUM
emqx neuron < 2.10.0 - Information Disclosure via JSON File Handler
CVSS 4.3
CVE-2024-50342 LOW
symfony/http-client < 5.4.46 - Information Exposure via NoPrivateNetworkHttpClient
CVSS 3.1
CVE-2024-20507 MEDIUM
Cisco Meeting Management - Info Disclosure
CVSS 4.3
CVE-2024-20457 MEDIUM
Cisco Unified Communications Manager IM And Presence Service - Information Disclosure
CVSS 6.5
CVE-2024-20445 MEDIUM
Cisco Desk Phone 9800 Series - Info Disclosure
CVSS 5.3
CVE-2024-6861 HIGH
Red Hat Satellite 6.12 for RHEL 8 - Exposure of Sensitive Information via GraphQL API Introspection
CVSS 7.5
CVE-2024-10916 MEDIUM
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - Information Disclosure via /xml/info.xml
CVSS 5.3
CVE-2024-10084 MEDIUM
Contact Form 7 - Dynamic Text Extension <= 4.5 - Authenticated Information Disclosure via CF7_get_post_var Shortcode
CVSS 4.3
CVE-2024-51739 HIGH
Combodo iTop < 2.7.11 - Unauthenticated User Enumeration via Password Reset Error Message
CVSS 7.5
CVE-2024-10329 MEDIUM
Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Sensitive Information Exposure
CVSS 4.3
CVE-2024-10319 MEDIUM
Xpro Addons for Elementor < 1.4.6 - Authenticated Sensitive Information Exposure via Content Toggle Widget
CVSS 4.3
Details
Vulnerabilities: 10,129
Exploit Likelihood: High