Weaknesses of type CWE-200

3,932 results
CVE-2024-21152HIGHVulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported veEPSS 0.4%CVE-2026-23983LOWApache Superset: Sensitive Data Exposure via REST API (disabled by default)EPSS 0.4%CVE-2021-32638MEDIUMCodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecatedEPSS 0.4%CVE-2025-8519MEDIUMgivanz Vvveb Drag-and-Drop Editor editor information disclosureEPSS 0.4%CVE-2024-13568HIGHFluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected DirectoryEPSS 0.4%CVE-2025-54118MEDIUMNamelessMC allows sensitive information disclosure in member list componentEPSS 0.4%CVE-2011-4916Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.EPSS 0.4%CVE-2023-34250MEDIUMDiscourse vulnerable to exposure of number of topics recently created in private categoriesEPSS 0.4%CVE-2024-11083MEDIUMProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2023-4877MEDIUMExposure of Sensitive Information to an Unauthorized Actor in hamza417/inureEPSS 0.4%CVE-2026-37452HIGHInsecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via EPSS 0.4%CVE-2024-13606HIGHJS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected DirectoryEPSS 0.4%CVE-2024-2080MEDIUMLiquidPoll – Polls, Surveys, NPS and Feedback Reviews <= 3.3.76 - Information ExposureEPSS 0.4%CVE-2026-37453HIGHInsecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via EPSS 0.4%CVE-2025-30214HIGHFrappe vulnerable to information disclosure leading to account takeoverEPSS 0.4%CVE-2022-48516Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerabilityEPSS 0.4%CVE-2025-30218LOWNext.js may leak x-middleware-subrequest-id to external hostsEPSS 0.4%CVE-2024-31219MEDIUMDiscourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity pageEPSS 0.4%CVE-2024-9538MEDIUMShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor TemplateEPSS 0.4%CVE-2026-28962HIGHThis issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iEPSS 0.4%