CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,142 vulnerabilities with CWE-200
CVE-2024-25118 MEDIUM
TYPO3 <8.7.57-13.0.1 - Info Disclosure
CVSS 4.3
CVE-2024-21380 HIGH
Microsoft Dynamics 365 Business Central - Exposure of Sensitive Information
CVSS 8.0
CVE-2024-1431 MEDIUM
Netgear R7000 Firmware 1.0.11.136_10.2.120 - Information Disclosure via Web Management Interface
CVSS 4.3
CVE-2024-1430 MEDIUM
Netgear R7000 1.0.11.136_10.2.120 - Information Disclosure via Web Management Interface
CVSS 4.3
CVE-2024-1406 MEDIUM
Linksys WRT54GL 4.30.18 - Information Disclosure in Web Management Interface
CVSS 4.3
CVE-2024-1405 MEDIUM
Linksys WRT54GL 4.30.18 - Information Disclosure in Web Management Interface
CVSS 4.3
CVE-2024-21624 MEDIUM
nonebot2 2.0.1-2.2.0 - Information Exposure via MessageTemplate User Input
CVSS 5.7
CVE-2024-1404 MEDIUM
Linksys WRT54GL 4.30.18 - Information Disclosure via Web Management Interface
CVSS 4.3
CVE-2024-24825 CRITICAL
DIRAC < 8.0.37 - Unauthorized Token Exposure
CVSS 9.1
CVE-2024-0242 HIGH
Qolsys IQ Panel 4 and IQ4 Hub Firmware < 4.4.2 - Unauthorized Access to Settings
CVSS 7.3
CVE-2024-24215 MEDIUM
Cellinx NVT Web Server 5.0.0.014 - Exposure of Sensitive Information via GetJsonValue.cgi
CVSS 5.3
CVE-2024-24304 HIGH
Mailjet < 3.5.1 - Unauthenticated Exposure of Sensitive Technical Information
CVSS 7.5
CVE-2024-22022 HIGH
Veeam Recovery Orchestrator - Privilege Escalation
CVSS 8.8
CVE-2024-1255 MEDIUM
SepidzDigitalMenu < 7.1.0728.1 - Exposure of Sensitive Information via /Waiters Endpoint
CVSS 5.3
CVE-2024-22331 MEDIUM
IBM UrbanCode Deploy <8.0.0.0 - Info Disclosure
CVSS 6.2
CVE-2024-23344 MEDIUM
Tuleap < 15.3.5 and 15.2.99.49-15.4.99.140 - Exposure of Sensitive Information via Permission Validation Bypass
CVSS 5.3
CVE-2024-1210 MEDIUM
LearnDash LMS <4.10.1 - Info Disclosure
CVSS 5.3
CVE-2024-1209 MEDIUM
LearnDash LMS <4.10.1 - Info Disclosure
CVSS 5.3
CVE-2024-1208 MEDIUM
LearnDash LMS <4.10.2 - Info Disclosure
CVSS 5.3
CVE-2024-23550 MEDIUM
HCL DevOps Deploy and HCL Launch 7.0.0.0-7.0.5.20 - Unauthorized Sensitive Information Exposure
CVSS 6.2
CVE-2024-0909 MEDIUM
Anonymous Restricted Content <1.6.2 - Info Disclosure
CVSS 5.3
CVE-2024-1200 MEDIUM
Jspxcms 10.2.0 - Information Disclosure in /template/1/default/
CVSS 5.3
CVE-2024-24757 HIGH
open-irs < 1.0.1 - Exposure of Sensitive Information via .env File
CVSS 7.6
CVE-2024-24755 MEDIUM
discourse-group-membership-ip-block - Info Disclosure
CVSS 4.3
CVE-2024-24548 MEDIUM
Payment EX <Ver1.1.5b - Info Disclosure
CVSS 6.5