Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-359

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

184 vulnerabilities with CWE-359

CVE-2026-26237 HIGH

QNAP QuMagie < 2.9.0 - Missing Authorization

CVE-2026-25699 MEDIUM

Apache Answer: Authorization Bypass in Timeline API

CVE-2026-8990 MEDIUM

Authentication Bypass in Kidsview

CVE-2026-28963 MEDIUM

iOS and iPadOS < 26.5 - Unauthorized Access to Sensitive User Data via Visual Intelligence

CVE-2026-28906 HIGH

iOS and iPadOS < 18.7.9 - Unauthorized IP Address Tracking via State Management

CVE-2026-7382 MEDIUM

Information Disclosure in MeWare Software's PDKS

CVE-2026-41182 MEDIUM

LangSmith SDK: Streaming token events bypass output redaction

CVE-2026-28950 MEDIUM

iOS/iPadOS <15.8.8/<16.7.16/<17.7.11/<18.7.8/<26.4.2 - Private Data Exposure via Logging

CVE-2026-6765 MEDIUM

Information disclosure in the Form Autofill component

CVE-2026-34226 HIGH

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

CVE-2026-3911 LOW

Keycloak - Authenticated Unauthorized User Attribute Exposure via UserResource Endpoint

CVE-2026-0102 LOW

Microsoft Edge Chromium < 145.0.3800.58 - Unauthorized Autofill Data Exposure via Consecutive Taps

CVE-2026-24321 MEDIUM

SAP Commerce Cloud - Info Disclosure

CVE-2026-24735 HIGH

Apache Answer <2.0.0 - Info Disclosure

CVE-2026-20834 MEDIUM

Microsoft Windows Shell - Absolute Path Traversal Spoofing via Physical Attack

CVE-2025-30459 MEDIUM

Apple macOS < 15.4 - Exposure of Private Personal Information to an Unauthorized Actor

CVE-2025-13477 HIGH

OTP Bypass in Digital Operation Services' WifiBurada

CVE-2025-66172 HIGH

Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to

CVE-2025-66171 MEDIUM

Apache CloudStack: Any user can create a new VM from backups they should not have access to

CVE-2025-15623 HIGH

Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

CVE-2025-66605 MEDIUM

FAST/TOOLS <10.04 - Info Disclosure

CVE-2025-11598 LOW

mObywatel < 4.71.0 - Unauthorized Personal Information Exposure via App Switcher

CVE-2025-14317 HIGH

Crazy Bubble Tea <915-7.4.1 - Info Disclosure

CVE-2025-3950 LOW

GitLab CE/EE <18.5.5-18.7.1 - Info Disclosure

CVE-2025-68945 MEDIUM

Gitea < 1.21.2 - Unauthenticated Exposure of Private User Projects

Page 1 of 8 Next

Details

Vulnerabilities 184

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy