CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-32870 MEDIUM
Combodo iTop < 2.7.11 - Unauthenticated Exposure of Sensitive Information
CVSS 5.8
CVE-2024-8553 MEDIUM
Red Hat Satellite 6.13-6.16 - Authenticated Sensitive Information Exposure via Foreman Loader Macros
CVSS 6.3
CVE-2024-33626 MEDIUM
LevelOne WBR-6012 Firmware - Unauthenticated Sensitive Information Exposure via Hidden Web Page
CVSS 5.3
CVE-2024-33603 MEDIUM
LevelOne WBR-6012 Firmware - Unauthenticated Sensitive Information Exposure via Verbose System Log Page
CVSS 5.3
CVE-2024-10360 MEDIUM
Move Addons for Elementor <= 1.3.5 - Authenticated Sensitive Information Exposure via Widget Render Function
CVSS 4.3
CVE-2024-10312 MEDIUM
Exclusive Addons for Elementor <2.7.4 - Info Disclosure
CVSS 4.3
CVE-2024-30106 LOW
HCL Connections - Exposure of Sensitive Information via IBM WebSphere Request Handling
CVSS 3.5
CVE-2024-10357 MEDIUM
Clever Addons for Elementor <2.2.1 - Info Disclosure
CVSS 4.3
CVE-2024-49357 HIGH
ZimaOS < 1.2.5 - Unauthenticated Sensitive Data Exposure via API Endpoints
CVSS 7.5
CVE-2024-10050 MEDIUM
Elementor Header & Footer Builder <1.6.43 - Info Disclosure
CVSS 4.3
CVE-2024-10290 MEDIUM
ZZCMS 2023 - Exposure of Sensitive Information in com/inc.php
CVSS 5.3
CVE-2024-9530 MEDIUM
Qi Addons For Elementor <= 1.8.0 - Authenticated Sensitive Information Exposure via Private Templates
CVSS 4.3
CVE-2024-50312 MEDIUM
OpenShift Container Platform - Unauthenticated Exposure of Sensitive GraphQL Schema Information via Introspection Query
CVSS 5.3
CVE-2024-9541 MEDIUM
News Kit Elementor Addons <= 1.2.1 - Authenticated Sensitive Information Exposure via Canvas Menu Render Function
CVSS 4.3
CVE-2024-9627 HIGH
TeploBot - Telegram Bot for WP <= 1.3 - Unauthenticated Sensitive Information Exposure via service_process Function
CVSS 8.6
CVE-2024-8852 MEDIUM
All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Sensitive Information Exposure via Public Log Files
CVSS 5.3
CVE-2024-45309 HIGH
OneDev Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2024-9889 MEDIUM
ElementInvader Addons for Elementor <= 1.2.9 - Authenticated Sensitive Information Exposure via Page Loader Widget
CVSS 4.3
CVE-2024-42508 MEDIUM
HPE OneView <= 9.20.00 - Information Disclosure
CVSS 5.5
CVE-2024-49284 MEDIUM
BogdanFix WP SendFox <1.3.1 - Info Disclosure
CVSS 5.3
CVE-2024-7417 MEDIUM
Royal Elementor Addons < 1.3.986 - Authenticated Information Exposure via data_fetch
CVSS 4.3
CVE-2024-22032 MEDIUM
Rancher RKE1 - Plaintext Secret Exposure During Reconciliation
CVSS 6.5
CVE-2024-9540 MEDIUM
Elementor Sina Extension <= 3.5.7 - Authenticated Sensitive Information Exposure
CVSS 4.3
CVE-2024-21209 LOW
MySQL Client <= 8.4.2 and <= 9.0.1 - Exposure of Sensitive Information in mysqldump
CVSS 2.0
CVE-2024-21205 MEDIUM
Oracle Fusion Middleware 12.2.1.4.0 - Unauthorized Data Access via OSB Core Functionality
CVSS 6.5
Details
Vulnerabilities 10,129
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits