CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,142 vulnerabilities with CWE-200
CVE-2024-1083 MEDIUM
Simple Restrict <1.2.6 - Info Disclosure
CVSS 5.3
CVE-2024-1979 LOW
Quarkus Kubernetes Deployment < 3.7.3 - Exposure of Sensitive Git Credentials
CVSS 3.5
CVE-2024-28238 LOW
Directus < 10.10.0 - Session Token Exposure via /files URL Parameter
CVSS 2.3
CVE-2024-28236 HIGH
go-vela/worker < 0.23.2 - Sensitive Information Exposure via Log Masking Bypass
CVSS 7.7
CVE-2024-28340 HIGH
Netgear CBR40, CBK40, CBK43 2.5.0.28 - Unauthenticated Sensitive Information Exposure via currentsetting.htm
CVSS 7.5
CVE-2024-28339 MEDIUM
Netgear CBR40, CBK40, CBK43 2.5.0.28 - Unauthenticated Sensitive Information Exposure via debuginfo.htm
CVSS 5.4
CVE-2024-26177 MEDIUM
Windows Kernel - Information Disclosure
CVSS 5.5
CVE-2024-1302 HIGH
Badger Meter Monitool < 4.7 - Exposure of Sensitive Information via File Parameter Manipulation
CVSS 7.3
CVE-2024-2371 MEDIUM
Korenix JetI/O 6550 F208 - Info Disclosure
CVSS 6.2
CVE-2024-0906 MEDIUM
f(x) Private Site <1.2.1 - Info Disclosure
CVSS 5.3
CVE-2024-28120 MEDIUM
codeium-chrome - Unauthenticated API Key Theft via Unvalidated External Message
CVSS 6.5
CVE-2024-25114 LOW
Collabora Online < 21.11.9.4 - Exposure of Sensitive Information via CELL Function
CVSS 2.6
CVE-2024-26309 MEDIUM
Archer Platform 6.3.0.0-6.14.0.2.1 - Unauthenticated Sensitive Information Exposure via Internal URL
CVSS 5.3
CVE-2024-23292 LOW
iPadOS < 17.4 - Unauthorized Contact Information Exposure
CVSS 3.3
CVE-2024-23235 MEDIUM
iPadOS < 16.7.6 - Unauthorized Access to User-Sensitive Data via Race Condition
CVSS 4.7
CVE-2024-1460 MEDIUM
MSI Afterburner 4.6.5.16370 - Kernel Memory Leak via RTCore64.sys IOCTL 0x80002040
CVSS 5.6
CVE-2024-24765 HIGH
CasaOS-UserService <0.4.7 - Path Traversal
CVSS 7.5
CVE-2024-20292 MEDIUM
Cisco Duo Authentication for Windows Logon and RDP - Info Disclosure
CVSS 4.4
CVE-2024-1769 MEDIUM
JM Twitter Cards <12 - Info Disclosure
CVSS 5.3
CVE-2024-20019 MEDIUM
MediaTek Software Package < 2023.11.10 - Denial of Service via WLAN Driver Memory Leak
CVSS 5.9
CVE-2024-0765 MEDIUM
AnythingLLM < 1.0.0 - Authenticated Sensitive Data Exposure via Export Endpoint
CVSS 6.5
CVE-2024-25839 HIGH
Webbax supernewsletter < 1.4.21 - Privilege Escalation and Sensitive Information Exposure
CVSS 7.5
CVE-2024-27296 MEDIUM
Directus < 10.8.3 - Unauthenticated Sensitive Information Exposure via Compiled JS Bundles
CVSS 5.3
CVE-2024-1952 LOW
Mattermost <8.1.9 - Info Disclosure
CVSS 3.1
CVE-2024-1949 LOW
Mattermost <8.1.9-9.4.2 - Privilege Escalation
CVSS 2.6