CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

9,868 vulnerabilities with CWE-200
CVE-2026-32633 CRITICAL
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
CVSS 9.1
CVE-2026-33004 MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
CVSS 4.3
CVE-2026-32609 HIGH
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
CVSS 7.5
CVE-2026-32596 HIGH
Glances exposes the REST API without authentication
CVSS 7.5
CVE-2026-32266 LOW
Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
CVE-2026-32265 MEDIUM
Amazon S3 for Craft CMS 2.0.2-2.2.4 - Bucket Listing Information Disclosure
CVE-2026-1267 MEDIUM
IBM Planning Analytics Information Disclosure
CVSS 6.5
CVE-2026-28506 MEDIUM
Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
CVSS 4.3
CVE-2026-4202 MEDIUM
Broken Access Control in extension "Redirect Tab"
CVSS 4.3
CVE-2026-4218 LOW
myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
CVSS 2.5
CVE-2026-2476 HIGH
MS Teams plugin sensitive config values not properly masked in support packets
CVSS 7.6
CVE-2026-22203 MEDIUM
wpDiscuz <7.6.47 - Info Disclosure
CVSS 4.9
CVE-2026-32237 MEDIUM
Backstage <3.1.5 - Info Disclosure
CVSS 4.4
CVE-2026-32142 MEDIUM
Shopware <7.8.1/6.10.15 - Info Disclosure
CVSS 5.3
CVE-2026-32100 MEDIUM
Shopware <2.0.16/3.0.12/4.0.7 - Info Disclosure
CVSS 5.3
CVE-2026-29066 MEDIUM
Tina CMS <2.1.8 - Info Disclosure
CVSS 6.2
CVE-2026-4040 LOW
OpenClaw <2026.2.17 - Info Disclosure
CVSS 3.3
CVE-2026-32098 HIGH
Parse Server <9.6.0-alpha.9/8.6.35 - Info Disclosure
CVSS 7.5
CVE-2026-32094 MEDIUM
Shescape <2.1.10 - Command Injection
CVSS 6.5
CVE-2026-20166 MEDIUM
Splunk Enterprise <10.2.1 - Info Disclosure
CVSS 5.4
CVE-2026-20164 MEDIUM
Splunk Enterprise <10.2.0 - Info Disclosure
CVSS 6.5
CVE-2026-1867 MEDIUM
Guest Posting Plugin <5.0.6 - Info Disclosure
CVSS 5.9
CVE-2026-31837 HIGH
Istio <1.29.1/1.28.5/1.27.8 - Auth Bypass
CVSS 7.5
CVE-2026-30933 HIGH
FileBrowser Quantum <1.3.1-beta/1.2.2-stable - Info Disclosure
CVSS 7.5
CVE-2026-30928 HIGH
Glances <4.5.1 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 9,868
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits