CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,133 vulnerabilities with CWE-200
CVE-2024-45391 HIGH
Tina CMS < 1.6.2 - Search Token Exposure via Lock File
CVSS 7.5
CVE-2024-43803 MEDIUM
Bare Metal Operator < 0.8.0, 0.6.0-0.6.2, < 0.5.2 - Unauthorized Secret Access via BareMetalHost CRD
CVSS 4.9
CVE-2024-45388 HIGH
Hoverfly < 1.10.3 - Path Traversal via Simulation API File Parameter
CVSS 7.5
CVE-2024-43801 MEDIUM
Jellyfin 10.8.0-10.9.9 - Stored Cross-Site Scripting via SVG Profile Image Upload
CVSS 4.6
CVE-2024-3679 MEDIUM
Premium SEO Pack - WP SEO Plugin <= 1.6.002 - Unauthenticated Sensitive Information Exposure via Social Meta Data
CVSS 5.3
CVE-2024-2541 MEDIUM
Popup Builder < 4.3.6 - Unauthenticated Sensitive Information Exposure via Subscribers Import
CVSS 5.3
CVE-2024-7418 MEDIUM
The Post Grid < 7.7.11 - Authenticated Sensitive Information Exposure via post_query_guten and post_query Functions
CVSS 4.3
CVE-2024-6551 MEDIUM
GiveWP - Donation Plugin <3.15.1 - Info Disclosure
CVSS 5.3
CVE-2024-45054 LOW
Hwameistor <0.14.5 - Privilege Escalation
CVSS 2.8
CVE-2024-45043 MEDIUM
OpenTelemetry Collector - Unauthenticated RCE
CVSS 5.3
CVE-2024-6448 MEDIUM
Mollie Payments for WooCommerce <7.7.0 - Info Disclosure
CVSS 5.3
CVE-2024-6633 CRITICAL
FileCatalyst Workflow - Info Disclosure
CVSS 9.8
CVE-2024-43258 MEDIUM
Store Locator Plus <2311.17.01 - Info Disclosure
CVSS 5.3
CVE-2024-43257 MEDIUM
Nouthemes Leopard - WordPress offload media <2.0.36 - Info Disclosure
CVSS 6.5
CVE-2024-43251 MEDIUM
Bit Apps Bit Form Pro - Info Disclosure
CVSS 6.5
CVE-2024-43319 MEDIUM
bPlugins LLC Flash & HTML5 Video <2.5.31 - Info Disclosure
CVSS 4.3
CVE-2024-43289 HIGH
wpForo Forum <2.3.4 - Info Disclosure
CVSS 7.5
CVE-2024-42339 MEDIUM
CyberArk Identity - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 4.3
CVE-2024-42338 MEDIUM
CyberArk Identity - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 4.3
CVE-2024-42337 MEDIUM
CyberArk Identity - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 4.3
CVE-2024-6499 MEDIUM
WordPress Button Plugin MaxButtons <9.7.8 - Info Disclosure
CVSS 5.3
CVE-2024-8072 MEDIUM
Mage AI - Unauthenticated Exposure of Sensitive Terminal Server Command History
CVSS 5.3
CVE-2024-39344 HIGH
Docusign API package 8.142.14 - Info Disclosure
CVSS 8.1
CVE-2024-6568 MEDIUM
Flamix: Bitrix24 & Contact Form 7 - Info Disclosure
CVSS 5.3
CVE-2024-5880 MEDIUM
Hide My Site <2.2 - Info Disclosure
CVSS 4.3