CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,133 vulnerabilities with CWE-200
CVE-2024-46938 HIGH
Sitecore Experience Platform, Experience Manager, and Experience Commerce 8.0-10.4 - Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2024-39925 MEDIUM
Vaultwarden 1.30.3 - Unauthorized Access to Encrypted Organization Data via Improper Key Rotation
CVSS 6.5
CVE-2024-44685 MEDIUM
Titan SFTP & Titan MFT Server <2.0.25.2426 - Info Disclosure
CVSS 5.0
CVE-2024-6544 MEDIUM
Custom Post Limits <4.4.1 - Info Disclosure
CVSS 5.3
CVE-2024-41629 MEDIUM
Texas Instruments Fusion Digital Power Designer 7.10.1 - Sensitive Information Exposure via Plaintext Credential Storage
CVSS 5.5
CVE-2024-45624 HIGH
Pgpool-II 3.2, 4.1-4.5 - Exposure of Sensitive Information via Query Cache
CVSS 7.5
CVE-2024-8097 MEDIUM
Payara Platform Payara Server - Info Disclosure
CVE-2024-27113 CRITICAL
SO Planning <1.52.02 - Unauthenticated Database Export Access Control Bypass
CVSS 9.8
CVE-2024-31490 MEDIUM
Fortinet FortiSandbox 3.2.2-4.4.4 - Exposure of Sensitive Information via HTTP GET Requests
CVSS 4.3
CVE-2024-37991 MEDIUM
SIMATIC RF360R < 2.2 - Unauthenticated Sensitive Information Exposure via Service Log Files
CVSS 5.3
CVE-2024-42019 HIGH
Veeam ONE < 12.2.0.4093 - Exposure of Sensitive Information via NTLM Hash Access
CVSS 8.0
CVE-2024-38650 CRITICAL
Veeam Service Provider Console - Unauthenticated Exposure of Sensitive Information via NTLM Hash Access
CVSS 9.9
CVE-2024-8538 MEDIUM
Big File Uploads - Full Path Disclosure
CVSS 4.3
CVE-2024-44408 HIGH
D-Link DIR-823G v1.0.2B05_20181207 - Unauthenticated Information Disclosure via Configuration File Download
CVSS 7.5
CVE-2024-45040 MEDIUM
gnark-crypto < 0.11.0 - Exposure of Sensitive Information via Groth16 Commitment
CVSS 5.9
CVE-2024-45039 MEDIUM
gnark-crypto < 0.11.0 - Exposure of Sensitive Information via Multiple Commitments
CVSS 6.2
CVE-2024-7415 MEDIUM
Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure via bootstrap.php
CVSS 5.3
CVE-2024-8461 MEDIUM
D-Link DNS-320 2.02b01 - Info Disclosure
CVSS 5.3
CVE-2024-8460 LOW
D-Link DNS-320 2.02b01 - Info Disclosure
CVSS 3.7
CVE-2024-6835 MEDIUM
Ivory Search - WordPress Search Plugin <5.5.6 - Info Disclosure
CVSS 5.3
CVE-2024-20503 MEDIUM
Cisco Duo Epic for Hyperdrive - Info Disclosure
CVSS 5.5
CVE-2024-44820 MEDIUM
ZZCMS < 2023 - Sensitive Information Disclosure via eginfo.php phome Parameter
CVSS 6.1
CVE-2024-8106 MEDIUM
WP Extended <3.0.8 - Info Disclosure
CVSS 6.5
CVE-2024-45447 MEDIUM
Camera Framework Module - Info Disclosure
CVSS 4.4
CVE-2024-45450 MEDIUM
Software Update Module - Info Disclosure
CVSS 4.0