CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-5516 MEDIUM
HitachiEnergy eSOMs < 6.3.13 - Unauthenticated Sensitive Information Exposure via Malformed WebAPI Requests
CVSS 5.3
CVE-2023-5515 MEDIUM
HitachiEnergy eSOMs < 6.3.13 - Information Disclosure via Web Query Parameter
CVSS 5.3
CVE-2023-43796 MEDIUM
Synapse <1.95.1-1.96.0rc1 - Info Disclosure
CVSS 5.3
CVE-2023-43041 MEDIUM
IBM QRadar SIEM 7.5 - Info Disclosure
CVSS 6.5
CVE-2023-33558 HIGH
ocomon < 4.0.1 - Information Disclosure via users-grid-data.php
CVSS 7.5
CVE-2023-31416 MEDIUM
Elastic Cloud on Kubernetes < 2.8 - Unauthenticated Exposure of Sensitive Information via APM Server
CVSS 5.3
CVE-2023-38849 HIGH
Tire-Sales Line <13.6.1 - Info Disclosure
CVSS 7.5
CVE-2023-38847 HIGH
CHRISTINA JAPAN Line <13.6.1 - Info Disclosure
CVSS 7.5
CVE-2023-38846 HIGH
Marbre Lapin Line <13.6.1 - Info Disclosure
CVSS 7.5
CVE-2023-38845 HIGH
Anglaise Company Anglaise.Company <v.13.6.1 - Info Disclosure
CVSS 7.5
CVE-2023-42846 MEDIUM
iPadOS < 16.7.2 - Wi-Fi MAC Address Passive Tracking
CVSS 5.3
CVE-2023-41988 MEDIUM
iPadOS 17.0-17.1 - Unauthorized Sensitive Data Exposure via Siri on Locked Device
CVSS 6.8
CVE-2023-46128 MEDIUM
Nautobot 2.0.0-2.0.2 - Authenticated Exposure of Hashed User Passwords via REST API Depth Parameter
CVSS 6.5
CVE-2023-46125 MEDIUM
Fides < 2.22.1 - Unauthorized Exposure of Sensitive Configuration via API Endpoint
CVSS 6.5
CVE-2023-42490 HIGH
EisBaer Scada < 3.0.6433.1964 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.5
CVE-2023-39739 HIGH
REGINA SWEETS&BAKERY Line 13.6.1 - Exposure of Sensitive Information via Client Secret Leakage
CVSS 8.2
CVE-2023-39737 HIGH
Matsuya 13.6.1 - Exposure of Sensitive Information via Client Secret Leakage
CVSS 8.2
CVE-2023-39736 HIGH
Fukunaga_memberscard 13.6.1 - Exposure of Sensitive Information via Client Secret Leakage
CVSS 8.2
CVE-2023-39735 HIGH
Uomasa_Saiji_news Line 13.6.1 - Exposure of Sensitive Information via Client Secret Leakage
CVSS 8.2
CVE-2023-46288 MEDIUM
Apache Airflow <2.7.0 - Info Disclosure
CVSS 4.3
CVE-2023-5718 MEDIUM
Vue.js Devtools - Unauthenticated Sensitive Data Exposure via postMessage API
CVSS 4.3
CVE-2023-46315 HIGH
Stable Diffusion web UI <977815a - Info Disclosure
CVSS 7.5
CVE-2023-5070 MEDIUM
Ultimatelysocial Social Media Share Buttons & Social Sharing Icons < 2.8.6 - Information Disclosure
CVSS 6.5
CVE-2023-4796 MEDIUM
Booster for WooCommerce <= 7.1.0 - Authenticated Information Disclosure via wcj_wp_option Shortcode
CVSS 4.3
CVE-2023-5576 HIGH
WPvivid <= 0.9.91 - Unauthenticated Sensitive Information Exposure via Google Drive API
CVSS 8.0