CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,142 vulnerabilities with CWE-200
CVE-2024-23107 MEDIUM
FortiWeb 6.3.0-6.3.22, 7.0.0-7.0.8, 7.2.0-7.2.4, 7.4.0 - Authenticated Password Hash Exposure via CLI Commands
CVSS 5.5
CVE-2024-34005 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Inclusion via Restored Database Activity Module
CVSS 6.5
CVE-2024-34004 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Include via Wiki Module Restore
CVSS 6.5
CVE-2024-34003 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Inclusion via Workshop Module Restore
CVSS 5.9
CVE-2024-34002 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Include via Feedback Module Restore
CVSS 6.5
CVE-2024-5524 MEDIUM
Astrotalks 10/03/2023 - Unauthenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2024-35189 MEDIUM
Fides < 2.37.0 - Sensitive Information Exposure via BigQuery Keyfile Creds API
CVSS 6.5
CVE-2024-36118 LOW
MeterSphere <2.10.15-lts - Info Disclosure
CVSS 3.5
CVE-2024-36955 HIGH
Linux Kernel 5.12-6.8.9 - Resource Leak via ALSA HD Audio Intel SoundWire ACPI
CVSS 7.7
CVE-2024-36910 MEDIUM
Linux kernel - Info Disclosure
CVSS 6.2
CVE-2024-36107 MEDIUM
MinIO < RELEASE.2024-05-27T19-17-46Z - Sensitive Object Metadata Exposure via HTTP Headers
CVSS 5.3
CVE-2024-24919 HIGH KEV
Check Point Quantum Gateway - Information Disclosure
CVSS 8.6
CVE-2024-35343 CRITICAL
Anpviz IP Cameras <= v3.2.2.2 - Unauthenticated Arbitrary File Read via /playback/ URI
CVSS 9.8
CVE-2024-35341 HIGH
Anpviz IP Cameras <= v3.2.2.2 - Unauthenticated Exposure of Sensitive Information via Config File Download
CVSS 7.5
CVE-2024-34029 MEDIUM
Mattermost <9.5.4, 9.7.2, 8.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-5354 MEDIUM
Anji-plus AJ-Report <1.4.1 - Info Disclosure
CVSS 4.3
CVE-2024-5202 HIGH
OpenText Dimensions RM - Info Disclosure
CVSS 7.7
CVE-2024-28188 MEDIUM
jupyter-scheduler < 1.1.6, 1.2.1, 1.8.2, 2.5.2 - Exposure of Sensitive Information via Conda Environment List
CVSS 5.3
CVE-2024-35223 MEDIUM
dapr 1.13.0-1.13.2 - Unauthorized Application Token Exposure via gRPC Proxy
CVSS 5.3
CVE-2024-5230 MEDIUM
EnvaySoft FleetCart <4.1.1 - Info Disclosure
CVSS 5.3
CVE-2024-22275 MEDIUM
VMware Cloud Foundation 4.0-5.1.0 - Authenticated Partial File Read
CVSS 4.9
CVE-2024-21902 MEDIUM
QNAP QTS and QuTS hero - Authenticated Exposure of Sensitive Information via Incorrect Permission Assignment
CVSS 6.4
CVE-2024-1968 HIGH
Scrapy < 1.8.4 and 2.0-2.11.1 - Authorization Header Exposure via Same-Domain Scheme Redirect
CVSS 7.5
CVE-2024-5096 MEDIUM
Hipcam Device <20240511 - Info Disclosure
CVSS 5.3
CVE-2024-32131 MEDIUM
W3 Eden Inc. Download Manager <3.2.82 - Info Disclosure
CVSS 5.3