CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,081 vulnerabilities with CWE-200
CVE-2026-8198 MEDIUM
Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API
CVSS 5.3
CVE-2026-42456 MEDIUM
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)
CVSS 4.3
CVE-2026-41520 HIGH
Cilium exposes sensitive information included in the cilium-bugtool debug archive
CVSS 7.9
CVE-2026-42213 MEDIUM
SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
CVE-2026-42195 LOW
Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host
CVSS 3.4
CVE-2026-25199 CRITICAL
Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access
CVSS 9.1
CVE-2026-43942 MEDIUM
electerm: Full process.env exposed to renderer via window.pre.env in electerm
CVSS 5.5
CVE-2026-42880 CRITICAL
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
CVSS 9.6
CVE-2026-42826 CRITICAL
Azure DevOps Information Disclosure Vulnerability
CVSS 10.0
CVE-2026-42047 HIGH
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
CVSS 8.6
CVE-2026-41659 LOW
Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment
CVSS 2.7
CVE-2026-8033 MEDIUM
PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure
CVSS 5.3
CVE-2026-7999 MEDIUM
Google Chrome < 148.0.7778.96 - Exposure of Sensitive Information via V8
CVSS 4.3
CVE-2026-34474 HIGH
ZTE ZXHN H298A 1.1/H108N 2.6 - Info Disclosure
CVSS 7.5
CVE-2026-8028 LOW
FlowiseAI Flowise Endpoint account.service.ts verify information disclosure
CVSS 3.7
CVE-2026-8026 LOW
FlowiseAI Flowise API Response account.service.ts login information disclosure
CVSS 3.7
CVE-2026-43646 HIGH
Apache Wicket: crafted URLs can bypass PackageResourceGuard
CVSS 7.5
CVE-2026-36355 HIGH
Realtek rtl8192cd Wi-Fi Driver - Auth Bypass
CVSS 7.7
CVE-2026-4409 MEDIUM
Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management
CVSS 6.5
CVE-2026-42223 MEDIUM
nginx-ui: Settings API Exposes Protected Secrets
CVSS 6.5
CVE-2026-42220 MEDIUM
Nginx UI < 2.3.8 - node.secret Information Disclosure
CVSS 6.5
CVE-2026-42151 HIGH
Prometheus Azure AD remote write OAuth client secret exposed via config API
CVSS 7.5
CVE-2026-42092 MEDIUM
Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra
CVSS 6.5
CVE-2026-3504 MEDIUM
Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint
CVSS 5.3
CVE-2026-33448 LOW
Absolute Secure Access for macOS < 14.50 - Format String Information Disclosure
CVSS 3.3