CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,142 vulnerabilities with CWE-200
CVE-2024-2093 MEDIUM
VK All in One Expansion Unit - Info Disclosure
CVSS 6.5
CVE-2024-31455 MEDIUM
Minder 0.0.39 - Exposure of Sensitive Information via SQL Query Parentheses Error
CVSS 4.3
CVE-2024-28235 HIGH
Contao 4.9.0-4.13.39 - Session Cookie Disclosure via Crawler External URL Requests
CVSS 8.3
CVE-2024-23662 MEDIUM
FortiOS 6.4.0-6.4.15, 7.0.0-7.0.15, 7.2.0-7.2.5, 7.4.0-7.4.1 - Exposure of Sensitive Information via HTTP Requests
CVSS 5.3
CVE-2024-30269 MEDIUM
dataease < 2.5.0 - Unauthenticated Exposure of Sensitive Database Configuration via /de2api/engine/getEngine;.js
CVSS 5.3
CVE-2024-31817 HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 - Info Disclosure
CVSS 7.5
CVE-2024-31816 HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 - Info Disclosure
CVSS 7.5
CVE-2024-27897 HIGH
Huawei EMUI and HarmonyOS - Exposure of Sensitive Information via Call Module Input Verification
CVSS 7.5
CVE-2024-2950 MEDIUM
BoldGrid Easy SEO <1.6.14 - Info Disclosure
CVSS 5.3
CVE-2024-30263 HIGH
macro-pdfviewer <= 2.5.0 - Exposure of Sensitive Information via PDF Viewer Macro
CVSS 7.7
CVE-2024-31207 MEDIUM
NPM Vite < 2.9.18 - Information Disclosure
CVSS 5.9
CVE-2024-3262 MEDIUM
RT software <4.4.1 - Info Disclosure
CVSS 5.5
CVE-2024-3274 MEDIUM
D-Link DNS-320L, DNS-320LW, DNS-327L <20240403 - Info Disclosure
CVSS 5.3
CVE-2024-30571 HIGH
Netgear R6850 v1.1.0.88 - Unauthenticated Exposure of Sensitive Information in BRS_top.html
CVSS 7.5
CVE-2024-30570 MEDIUM
Netgear R6850 v1.1.0.88 - Unauthenticated Sensitive Information Exposure via debuginfo.htm
CVSS 5.3
CVE-2024-30569 HIGH
Netgear R6850 v1.1.0.88 - Unauthenticated Exposure of Sensitive Information via currentsetting.htm
CVSS 7.5
CVE-2024-2931 MEDIUM
WPFront User Role Editor <3.2.1.11184 - Info Disclosure
CVSS 4.3
CVE-2024-3160 MEDIUM
Intelbras MHDX and HDCVI - Information Disclosure via /cap.js HTTP GET Request
CVSS 5.3
CVE-2024-30469 MEDIUM
Wholesale For WooCommerce < 2.3.0 - Unauthenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2024-29898 MEDIUM
MediaWiki extension - Info Disclosure
CVSS 4.9
CVE-2024-29897 MEDIUM
MediaWiki Extension - Info Disclosure
CVSS 4.9
CVE-2024-28247 HIGH
Pi-hole < 5.18 - Authenticated Arbitrary File Read via Adlist Local File Update
CVSS 7.6
CVE-2024-25734 HIGH
WyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated User Enumeration via TELNET Service
CVSS 7.5
CVE-2024-28442 HIGH
Yealink VP59 Firmware 91.15.0.118 - Directory Traversal & Sensitive Info Exposure
CVSS 7.5
CVE-2024-29197 MEDIUM
pimcore 11.0.0-11.1.6 - Unauthenticated Exposure of Sensitive Information via Preview Parameter
CVSS 6.5