Weaknesses of type CWE-200
3,929 resultsCVE-2026-39889HIGHPraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U ServerEPSS 0.4%CVE-2024-41700HIGHBarix – CWE-200 Exposure of Sensitive Information to an Unauthorized ActorEPSS 0.4%CVE-2023-30611MEDIUMReaction metadata exposed in private topics in Discourse-reactionsEPSS 0.4%CVE-2023-50894HIGHIn Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password EPSS 0.4%CVE-2023-39974—Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3EPSS 0.4%CVE-2024-6549MEDIUMAdmin Post Navigation <= 2.1 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2025-31491HIGHAutoGPT allows leakage of cross-domain cookies and protected headers in requests redirectEPSS 0.4%CVE-2026-32081MEDIUMPackage Catalog Information Disclosure VulnerabilityEPSS 0.4%CVE-2022-48348CRITICALThe MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiaEPSS 0.4%CVE-2024-39182HIGHAn information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via anEPSS 0.4%CVE-2026-22237CRITICALExposed Internal API Documentation Vulnerability in BLUVOYIXEPSS 0.4%CVE-2024-35691MEDIUMWordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure VulnerabilityEPSS 0.4%CVE-2022-48347—The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiEPSS 0.4%CVE-2025-7919HIGHSimopro Technology|WinMatrix3 Web package - SQL InjectionEPSS 0.4%CVE-2022-39397MEDIUMExposure of sensitive information in aliyun-oss-clientEPSS 0.4%CVE-2024-27113CRITICALInsecure Direct Object Reference to export Database in SOPlanning before 1.52.02EPSS 0.4%CVE-2022-2739—The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman EPSS 0.4%CVE-2026-41278HIGHFlowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDsEPSS 0.4%CVE-2026-33163HIGHParse Server leaks protected fields via LiveQuery afterEvent triggerEPSS 0.4%CVE-2025-15625CRITICALUnauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud ServerEPSS 0.4%