CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,133 vulnerabilities with CWE-200
CVE-2024-22032 MEDIUM
Rancher RKE1 - Plaintext Secret Exposure During Reconciliation
CVSS 6.5
CVE-2024-9540 MEDIUM
Elementor Sina Extension <= 3.5.7 - Authenticated Sensitive Information Exposure
CVSS 4.3
CVE-2024-21209 LOW
MySQL Client <= 8.4.2 and <= 9.0.1 - Exposure of Sensitive Information in mysqldump
CVSS 2.0
CVE-2024-21205 MEDIUM
Oracle Fusion Middleware 12.2.1.4.0 - Unauthorized Data Access via OSB Core Functionality
CVSS 6.5
CVE-2024-47824 HIGH
matrix-react-sdk <3.102.0 - Info Disclosure
CVE-2024-47779 HIGH
Element Web <1.11.80 - Info Disclosure
CVE-2024-47771 HIGH
Element Desktop <1.11.80 - Info Disclosure
CVE-2024-47080 HIGH
matrix-js-sdk <34.7.0 - Info Disclosure
CVE-2024-6757 MEDIUM
Elementor Website Builder - Info Disclosure
CVSS 4.3
CVE-2024-9546 MEDIUM
WPIDE - File Manager & Code Editor <= 3.4.9 - Unauthenticated Full Path Disclosure via PHP-Parser Library
CVSS 5.3
CVE-2024-48824 HIGH
Automatic Systems Maintenance SlimLane 29565 - Info Disclosure
CVSS 7.5
CVE-2024-48789 HIGH
INATRONIC com.inatronic.drivedeck.home <2.6.23 - Info Disclosure
CVSS 7.5
CVE-2024-48799 HIGH
LOREX TECHNOLOGY INC com.lorexcorp.lorexping <1.4.22 - Info Disclosure
CVSS 7.5
CVE-2024-48798 HIGH
Hubble Connected <2.00.81 - Info Disclosure
CVSS 7.5
CVE-2024-48797 HIGH
PCS Engineering Preston Cinema <0.2.0 - Info Disclosure
CVSS 7.5
CVE-2024-48796 HIGH
EQUES com.eques.plug <1.0.1 - Info Disclosure
CVSS 7.5
CVE-2024-45739 MEDIUM
Splunk < 9.3.1, < 9.2.3, < 9.1.6 - Plaintext Password Exposure in AdminManager Debug Log
CVSS 4.9
CVE-2024-45738 MEDIUM
Splunk 9.1.0-9.1.5 - Sensitive Information Exposure via REST_Calls Log Channel
CVSS 4.9
CVE-2024-8902 MEDIUM
Elementor Addon Elements < 1.13.8 - Authenticated Sensitive Information Exposure via Data Table Render Column
CVSS 4.3
CVE-2024-9821 HIGH
WooCommerce plugin <1.2.4 - Info Disclosure
CVSS 8.8
CVE-2024-9539 MEDIUM
GitHub Enterprise Server < 3.11.16 - Information Disclosure via Malicious SVG Asset URL
CVSS 4.3
CVE-2024-39527 MEDIUM
Junos OS on SRX Series Authenticated Sensitive Information Exposure via CLI Command Injection
CVSS 5.5
CVE-2024-9538 MEDIUM
ShopLentor <= 2.9.8 - Authenticated Sensitive Information Exposure via WL FAQ Render Function
CVSS 4.3
CVE-2024-8913 MEDIUM
The Plus Addons for Elementor < 5.6.11 - Sensitive Information Exposure via TP Accordion Widget
CVSS 4.3
CVE-2024-47868 HIGH
Gradio < 5.0.0 - Path Traversal and Arbitrary File Read via FileData Components
CVSS 7.5
Details
Vulnerabilities 10,133
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits