CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,146 vulnerabilities with CWE-200
CVE-2023-42829 MEDIUM
macOS 11.0-11.7.8 - Unauthorized SSH Passphrase Exposure via App State Observability
CVSS 5.5
CVE-2023-41987 MEDIUM
macOS < 14.0 - Unprotected User Data Exposure
CVSS 5.5
CVE-2023-40411 MEDIUM
macOS < 14.0 - Unprotected User Data Exposure
CVSS 5.5
CVE-2023-40385 MEDIUM
Safari < 17.0 - DNS Query Leak via Private Relay
CVSS 6.5
CVE-2023-51406 MEDIUM
Ninja Team FastDup <2.1.7 - Info Disclosure
CVSS 5.3
CVE-2023-52208 MEDIUM
Constant Contact Forms < 2.4.2 - Sensitive Data Exposure via Log File
CVSS 5.3
CVE-2023-52190 HIGH
WP Swings Coupon Referral Program <= 1.7.2 - Unauthenticated Exposure of Sensitive Information
CVSS 7.5
CVE-2023-52126 MEDIUM
Send Users Email < 1.4.3 - Exposure of Sensitive Information
CVSS 5.3
CVE-2023-52151 MEDIUM
Uncanny Automator < 5.1.0.2 - Sensitive Data Exposure via Log File
CVSS 5.3
CVE-2023-52148 MEDIUM
Affiliates Manager < 2.9.30 - Sensitive Data Exposure via Log File
CVSS 5.3
CVE-2023-51154 CRITICAL
jizhicms v2.5 - Arbitrary File Download via PluginsController.php
CVSS 9.8
CVE-2023-50253 CRITICAL
Laf <= 1.0.0-beta.13 - Authenticated Sensitive Information Exposure via Pod Log Retrieval
CVSS 9.6
CVE-2023-46741 MEDIUM
CubeFS < 3.3.1 - Sensitive Configuration Key Exposure in Logs
CVSS 4.8
CVE-2023-50346 LOW
HCL DRYiCE MyXalytics - Exposure of Sensitive Information via File Information Endpoints
CVSS 3.1
CVE-2023-4164 HIGH
Android - Unauthenticated Local Information Disclosure of Health Data
CVSS 8.4
CVE-2023-48732 MEDIUM
Mattermost < 8.1.7 - Unauthorized Exposure of Notification Information via WebSocket Broadcast
CVSS 4.3
CVE-2023-52185 MEDIUM
Everest Backup < 2.1.9 - Sensitive Data Exposure via Log File
CVSS 5.3
CVE-2023-52286 HIGH
Tencent Distributed SQL < 1.8.5 - Unauthenticated Database Credential Exposure via API Endpoint
CVSS 7.5
CVE-2023-51688 MEDIUM
impleCode eCommerce Product Catalog Plugin <3.3.26 - Info Disclosure
CVSS 5.3
CVE-2023-51687 MEDIUM
impleCode Product Catalog <1.7.6 - Info Disclosure
CVSS 5.3
CVE-2023-51527 MEDIUM
Senol Sahin AI Power - Info Disclosure
CVSS 5.3
CVE-2023-27447 MEDIUM
VeronaLabs WP SMS < 6.0.4 - Exposure of Sensitive Information
CVSS 5.3
CVE-2023-50968 HIGH
Apache OFBiz < 18.12.11 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery
CVSS 7.5
CVE-2023-7094 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - Information Disclosure via /protocol/nsasg6.0.tgz
CVSS 5.3
CVE-2023-40058 MEDIUM
SolarWinds Access Rights Manager < 2023.2.1 - Unauthorized Sensitive Data Exposure via Public Knowledgebase
CVSS 6.5