CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,142 vulnerabilities with CWE-200
CVE-2024-21626 HIGH
runc (docker) File Descriptor Leak Privilege Escalation
CVSS 8.6
CVE-2024-1098 MEDIUM
ruifang-tech rebuild < 3.5.5 - Information Disclosure via QiniuCloud.getStorageFile URL Parameter
CVSS 4.3
CVE-2024-22200 LOW
vantage6-ui < 4.2.0 - Nginx Version Exposure
CVSS 3.3
CVE-2024-1033 MEDIUM
openBI < 1.0.8 - Information Disclosure via Datament.php API Argument
CVSS 4.3
CVE-2024-23649 HIGH
Lemmy 0.17.0-0.19.1 - Authenticated Private Message Disclosure via Report API
CVSS 7.5
CVE-2024-22141 MEDIUM
Cozmoslabs Profile Builder Pro <3.10.0 - Info Disclosure
CVSS 6.5
CVE-2024-22154 HIGH
SNP Digital SalesKing <1.6.15 - Info Disclosure
CVSS 7.5
CVE-2024-22301 MEDIUM
Albo Pretorio On line <4.6.6 - Info Disclosure
CVSS 5.3
CVE-2024-22294 MEDIUM
IP2Location Country Blocker <2.33.3 - Info Disclosure
CVSS 5.3
CVE-2024-23224 MEDIUM
macOS < 13.6.4 and < 14.3 - Unprotected User Data Exposure
CVSS 5.5
CVE-2024-23207 MEDIUM
iPadOS 17.0-17.3 - Unauthorized Exposure of Sensitive User Data
CVSS 5.5
CVE-2024-23206 MEDIUM
Safari < 17.3 - User Fingerprinting via Malicious Webpage
CVSS 6.5
CVE-2024-22421 HIGH
JupyterLab <4.1.0b2-3.6.7 - Info Disclosure
CVSS 7.6
CVE-2024-23331 HIGH
vite 2.7.0-2.9.17 - Improper Access Control via Case-Insensitive Filesystem Bypass
CVSS 7.5
CVE-2024-0717 MEDIUM
D-Link DIR-825ACG1 Firmware < 2024-01-12 - Exposure of Sensitive Information via /devinfo HTTP GET Request Handler
CVSS 5.3
CVE-2024-0716 LOW
Byzoro Smart S150 Management Platform V31R02B15 - Info Disclosure
CVSS 3.1
CVE-2024-20955 LOW
Oracle GraalVM JDK 17.0.9/21.0.1 & Enterprise 20.3.12/21.3.8/22.3.4 - Sensitive Info Exposure
CVSS 3.7
CVE-2024-20920 LOW
Oracle Solaris 11 - Unauthorized Read Access via Filesystem Component
CVSS 3.8
CVE-2024-20914 LOW
Oracle ZFS Storage Appliance Kit 8.8 - Unauthorized Data Access
CVSS 2.3
CVE-2024-20910 LOW
Oracle Audit Vault and Database Firewall 20.1-20.9 - Authenticated Exposure of Sensitive Information via Oracle Net
CVSS 3.0
CVE-2024-20904 MEDIUM
Oracle Business Intelligence Enterprise Edition 6.4.0.0.0 and 12.2.1.4.0 - Unauthorized Data Access via Pod Admin
CVSS 5.0
CVE-2024-0569 MEDIUM
Totolink T8 4.1.5cu.833 - Info Disclosure
CVSS 4.3
CVE-2024-0490 MEDIUM
Huaxia ERP < 3.1 - Information Disclosure via /user/getAllList Endpoint
CVSS 5.3
CVE-2024-0472 LOW
Dormitory Management System 1.0 - Info Disclosure
CVSS 3.5
CVE-2024-21320 MEDIUM
Windows 10/11, Server 2012-2022 - Sensitive Info Exposure via Theme Spoofing
CVSS 6.5