Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-359

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

184 vulnerabilities with CWE-359

CVE-2023-28303 LOW

Microsoft Snip & Sketch/Snipping Tool - Unauthorized Exposure of Private Personal Information

CVE-2023-2703 HIGH

Finex Media Competition Management System < 23.07 - Exposure of Private Personal Information

CVE-2023-22918 MEDIUM

Zyxel ATP/NWA/USG/WAX - Info Disclosure

CVE-2023-2239 MEDIUM

microweber/microweber <1.3.4 - Info Disclosure

CVE-2023-29203 LOW

XWiki 13.9-13.10.8 - Unauthorized Exposure of Private User Information via uorgsuggest.vm

CVE-2023-25819 MEDIUM

Discourse tests-passed and beta branches >= 3.1.0.beta2 - Exposure of Private Personal Information via Metadata

CVE-2023-26041 LOW

Nextcloud Talk <15.0.3 - Info Disclosure

CVE-2022-46168 LOW

Discourse <2.8.14, <2.9.0.beta15 - Info Disclosure

CVE-2022-41971 MEDIUM

Nextcloud Talk 12.0.0-12.2.7 - Unauthorized Video Stream Access After Removal

CVE-2022-41936 MEDIUM

XWiki 8.1-13.10.7 - Unauthorized Exposure of Private Information via Modifications REST Endpoint

CVE-2022-20942 MEDIUM

Cisco AsyncOS < 14.2.1-015 - Authenticated Sensitive Information Exposure via Weak Authorization Checks

CVE-2022-2720 MEDIUM

Octopus Server 3.16.4-2022.1.3154 - Sensitive Value Exposure via Partial Masking Bypass

CVE-2022-36091 HIGH

XWiki Platform <14.2 - Info Disclosure

CVE-2022-0852 MEDIUM

convert2rhel < 0.26 - Unauthorized Password Exposure via Command Line

CVE-2022-2921 HIGH

notrinoserp < 0.7 - Unauthenticated Exposure of Private Personal Information

CVE-2022-35932 LOW

Nextcloud Talk <12.2.7, 13.0.7, 14.0.3 - Info Disclosure

CVE-2022-24890 LOW

Nextcloud Talk < 13.0.5 - Unauthorized Exposure of Private Personal Information via Call Moderator Permissions

CVE-2022-1365 MEDIUM

cross-fetch < 3.1.5 - Exposure of Private Personal Information

CVE-2022-24820 MEDIUM

XWiki Platform < 12.10.11 - Unauthenticated Exposure of Private Personal Information via Velocity Document Rendering

CVE-2022-24819 MEDIUM

XWiki < 12.10.11 - Unauthenticated Exposure of Private User Documents

CVE-2022-0482 CRITICAL

GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure

CVE-2022-24719 LOW

Fluture-Node 4.0.0/1 - Info Disclosure

CVE-2022-0155 MEDIUM

follow-redirects < 1.14.7 - Exposure of Private Personal Information to an Unauthorized Actor

CVE-2021-46687 MEDIUM

JFrog Artifactory <7.31.10,6.23.38 - Info Disclosure

CVE-2021-36723 MEDIUM

Emuse eServices/eNvoice - Unauthenticated Exposure of Private Personal Information via Predictable IDs

Previous Page 7 of 8 Next

Details

Vulnerabilities 184

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy