CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,134 vulnerabilities with CWE-200
CVE-2024-41733 MEDIUM
SAP Commerce - Unauthenticated User Enumeration via Registration and Login Processes
CVSS 5.3
CVE-2024-33003 HIGH
SAP Commerce Cloud - Exposure of Sensitive Information via OCC API Endpoint URL Parameters
CVSS 7.4
CVE-2024-37924 MEDIUM
Wp2speed WP2Speed Faster <1.0.1 - Info Disclosure
CVSS 5.3
CVE-2024-7704 MEDIUM
Weaver e-cology 8 - Information Disclosure in Source Code Handler
CVSS 5.3
CVE-2024-7697 HIGH
Transsion Carlcare - Exposure of Private Personal Information
CVSS 7.5
CVE-2024-7416 MEDIUM
Reveal Template <3.7 - Info Disclosure
CVSS 5.3
CVE-2024-7414 MEDIUM
PDF Builder for WPForms <1.2.116 - Info Disclosure
CVSS 5.3
CVE-2024-7413 MEDIUM
Obfuscate Email <3.8.1 - Info Disclosure
CVSS 5.3
CVE-2024-7412 MEDIUM
No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure via bootstrap.php
CVSS 5.3
CVE-2024-7410 MEDIUM
My Custom CSS PHP & ADS <3.3 - Info Disclosure
CVSS 5.3
CVE-2024-7382 MEDIUM
Linkify Text plugin <1.9.2 - Info Disclosure
CVSS 5.3
CVE-2024-6562 MEDIUM
WordPress Affiliate Plugin <3.5.5 - Info Disclosure
CVSS 5.3
CVE-2024-38200 MEDIUM
Microsoft 365 Apps and Office - Exposure of Sensitive Information via Spoofing
CVSS 6.5
CVE-2024-42493 MEDIUM
Dorsett Controls InfoScan - Info Disclosure
CVSS 5.3
CVE-2024-39287 MEDIUM
Dorsett Controls InfoScan - Unprotected Credential Exposure
CVSS 5.3
CVE-2024-7554 MEDIUM
GitLab 13.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Exposure of Sensitive Information via API Request Logging
CVSS 4.9
CVE-2024-6552 MEDIUM
Amelia plugin <1.2 - Info Disclosure
CVSS 5.3
CVE-2024-42222 MEDIUM
Apache CloudStack 4.19.1.0 - Unauthenticated Exposure of Sensitive Network Information via Network Listing API
CVSS 4.3
CVE-2024-34788 MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.1 - Improper Authentication in Web Component
CVSS 6.5
CVE-2024-42394 CRITICAL
Soft AP Daemon Service - Unauthenticated RCE
CVSS 9.8
CVE-2024-39817 MEDIUM
Cybozu Office 10.0.0-10.8.6 - Authenticated Exposure of Sensitive Information via Custom App Search
CVSS 6.5
CVE-2024-42010 HIGH
Roundcube <1.5.7, <1.6.0-1.6.7 - Info Disclosure
CVSS 7.5
CVE-2024-7319 MEDIUM
openstack-heat - Exposure of Sensitive Information via Stack Abandon Command
CVSS 5.0
CVE-2024-6567 MEDIUM
Ebook Store plugin <5.8001 - Info Disclosure
CVSS 5.3
CVE-2024-38761 HIGH
Zephyr Project Manager <= 3.3.99 - Sensitive Data Exposure via Export File
CVSS 7.5
Details
Vulnerabilities 10,134
Exploit Likelihood High