CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,134 vulnerabilities with CWE-200
CVE-2024-6565 MEDIUM
AForms Form Builder - Full Path Disclosure
CVSS 5.3
CVE-2024-6559 MEDIUM
XCloner Plugin <4.7.3 - Info Disclosure
CVSS 5.3
CVE-2024-6557 MEDIUM
SchedulePress <5.1.3 - Info Disclosure
CVSS 5.3
CVE-2024-39919 LOW
jmondi/url-to-png < 2.1.2 - Exposure of Sensitive Information via Localhost Screenshot Capture
CVSS 3.1
CVE-2024-40554 HIGH
Tmall_demo v2024.07.03 - Info Disclosure
CVSS 7.5
CVE-2024-6398 MEDIUM
SWG <12.2.10-11.2.24 - Info Disclosure
CVSS 4.3
CVE-2024-6574 MEDIUM
Laposta WordPress <1.12 - Info Disclosure
CVSS 5.3
CVE-2024-6555 MEDIUM
WP Popups - WordPress Popup builder <2.2.0.1 - Info Disclosure
CVSS 5.3
CVE-2024-6407 CRITICAL
Schneider Electric WHC-5918A Firmware - Information Exposure
CVSS 9.8
CVE-2024-6554 MEDIUM
Branda - White Label WordPress Custom Login Page Customizer <3.4.18...
CVSS 5.3
CVE-2024-6210 MEDIUM
Duplicator <1.5.9 - Info Disclosure
CVSS 5.3
CVE-2024-27090 MEDIUM
Decidim < 0.27.6 - Unauthorized Data Exposure via Embedded Resource Slug Inference
CVSS 5.3
CVE-2024-6646 MEDIUM
Netgear WN604 <20240710 - Info Disclosure
CVSS 5.3
CVE-2024-37504 MEDIUM
FileBird Document Library <2.0.6 - Info Disclosure
CVSS 5.3
CVE-2024-37498 MEDIUM
Pauple Table & Contact Form 7 Database - Info Disclosure
CVSS 5.3
CVE-2024-37115 HIGH
Automattic Newspack Blocks <3.0.8 - Info Disclosure
CVSS 7.5
CVE-2024-37113 CRITICAL
WishList Member X <3.26.7 - Info Disclosure
CVSS 9.8
CVE-2024-37110 HIGH
WishList Member X <3.26.7 - Info Disclosure
CVSS 7.5
CVE-2024-6556 MEDIUM
SmartCrawl WordPress SEO checker <3.10.8 - Info Disclosure
CVSS 5.3
CVE-2024-6550 MEDIUM
Gravity Forms: Multiple Form Instances <1.1.1 - Info Disclosure
CVSS 5.3
CVE-2024-32670 HIGH
Samsung Galaxy SmartTag2 <0.20.04 - Info Disclosure
CVE-2024-38970 MEDIUM
vaethink 1.0.2 - Exposure of Sensitive Information via Access Management Administrator Function
CVSS 4.9
CVE-2024-27362 MEDIUM
Samsung Mobile Processors - Info Disclosure
CVSS 4.4
CVE-2024-38041 MEDIUM
Windows Kernel - Information Disclosure
CVSS 5.5
CVE-2024-38030 MEDIUM
Windows 10/11, Server 2012-2022 - Unauthorized Information Exposure via Theme Spoofing
CVSS 6.5
Details
Vulnerabilities 10,134
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits