CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,146 vulnerabilities with CWE-200
CVE-2024-0569 MEDIUM
Totolink T8 4.1.5cu.833 - Info Disclosure
CVSS 4.3
CVE-2024-0490 MEDIUM
Huaxia ERP < 3.1 - Information Disclosure via /user/getAllList Endpoint
CVSS 5.3
CVE-2024-0472 LOW
Dormitory Management System 1.0 - Info Disclosure
CVSS 3.5
CVE-2024-21320 MEDIUM
Windows 10/11, Server 2012-2022 - Sensitive Info Exposure via Theme Spoofing
CVSS 6.5
CVE-2024-0340 MEDIUM
Linux Kernel < 6.4 - Unauthorized Memory Read via vhost_new_msg
CVSS 4.4
CVE-2024-0305 MEDIUM
Ncast < 2017 - Exposure of Sensitive Information via Guest Login
CVSS 5.3
CVE-2023-7320 MEDIUM
WooCommerce <7.8.2 - Info Disclosure
CVSS 5.3
CVE-2023-49367 HIGH
Kyocera Command Center RX EXOSYS M5521cdn - Info Disclosure
CVSS 8.8
CVE-2023-47799 HIGH
Mahara < 22.10.4 and 23.x < 23.04.4 - Unauthorized Information Disclosure via HTML Bulk Export
CVSS 7.5
CVE-2023-47029 CRITICAL
NCR Terminal Handler 1.5.1 - Remote Code Execution and Sensitive Information Exposure via UserService POST Request
CVSS 9.8
CVE-2023-47298 MEDIUM
NCR Terminal Handler 1.5.1 - Authenticated Exposure of Sensitive Information via SOAP API Endpoint
CVSS 4.3
CVE-2023-46669 MEDIUM
Elastic Agent/Elastic Security Endpoint - Info Disclosure
CVSS 6.2
CVE-2023-40723 HIGH
FortiSIEM 5.1.0-6.4.2 - Exposure of Sensitive Information via API Request
CVSS 8.1
CVE-2023-40108 MEDIUM
Android - Unauthorized Media Content Access via Missing Permission Check
CVSS 5.5
CVE-2023-24012 HIGH
OpenDDS Secure DDS - PKCS#7 Permission Verification Bypass
CVSS 8.2
CVE-2023-24011 HIGH
ZettaScale DDS - PKCS#7 Permission Verification Bypass
CVSS 8.2
CVE-2023-24010 HIGH
eProsima DDS - PKCS#7 Permission Verification Bypass
CVSS 8.2
CVE-2023-31280 MEDIUM
AirVantage Online Warranty Checker - Info Disclosure
CVSS 5.3
CVE-2023-29116 MEDIUM
Enel X Waybox Pro < 2.1.1.0_jb3vu096a - Unauthenticated Sensitive Information Exposure
CVSS 4.3
CVE-2023-29114 MEDIUM
Enel X JuiceBox Pro 3.0 22kW Cellular < 2.1.1.0_JB3VU096A - Sensitive Information Exposure
CVSS 5.7
CVE-2023-5359 LOW
W3 Total Cache <= 2.7.5 - Unauthenticated Sensitive Information Exposure via Google OAuth API Secrets
CVSS 3.7
CVE-2023-37232 HIGH
Loftware Spectrum < 4.6 - Unauthorized Sensitive Information Exposure via Logs
CVSS 7.5
CVE-2023-48957 MEDIUM
PureVPN Linux client <2.0.2-Productions - Info Disclosure
CVSS 5.3
CVE-2023-42948 LOW
macOS < 14.0 - Unauthorized Wi-Fi Password Exposure in Recovery Mode
CVSS 3.3
CVE-2023-42925 LOW
iPadOS < 17.0 - Unauthorized Access to Notes Attachments
CVSS 3.3