Weaknesses of type CWE-200
3,929 resultsCVE-2024-10329MEDIUMUltimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information ExposureEPSS 0.4%CVE-2024-7554MEDIUMExposure of Sensitive Information to an Unauthorized Actor in GitLabEPSS 0.4%CVE-2024-11280MEDIUMPPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2023-43998MEDIUMAn issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel accessEPSS 0.4%CVE-2024-41696HIGHPriority PRI WEB Portal Add-On for Priority ERP on prem – CWE-200: Exposure of Sensitive Information to an Unauthorized ActorEPSS 0.4%CVE-2026-12203MEDIUMHKUDS AI-Trader Research Export agents.csv information disclosureEPSS 0.4%CVE-2024-13829MEDIUMWordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information ExposureEPSS 0.4%CVE-2025-27845CRITICALIn ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secretEPSS 0.4%CVE-2025-29745HIGHA vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTEPSS 0.4%CVE-2025-63891HIGHInformation Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacEPSS 0.4%CVE-2022-20953MEDIUMCisco TelePresence Collaboration Endpoint and RoomOS Software VulnerabilitiesEPSS 0.4%CVE-2024-53359HIGHAn issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request.EPSS 0.4%CVE-2025-62669MEDIUMUserInfoCard: activeLocalBlocksAllWikis does not do permissions checksEPSS 0.4%CVE-2025-68719HIGHKAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active sessEPSS 0.4%CVE-2026-30852MEDIUMCaddy: vars_regexp double-expands user input, leaking env vars and filesEPSS 0.4%CVE-2026-8028MEDIUMFlowiseAI Flowise Endpoint account.service.ts verify information disclosureEPSS 0.4%CVE-2026-27796MEDIUMHomarr: Unauthenticated Information Disclosure (Integration Metadata Leak)EPSS 0.4%CVE-2021-32638MEDIUMCodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecatedEPSS 0.4%CVE-2026-42333MEDIUMquarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operationsEPSS 0.4%CVE-2024-8899MEDIUMJeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_templateEPSS 0.4%