Weaknesses of type CWE-200
3,932 resultsCVE-2022-34351MEDIUMIBM QRadar SIEM information disclosureEPSS 0.4%CVE-2025-22960HIGHA session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated aEPSS 0.4%CVE-2026-34785HIGHRack: Local file inclusion in `Rack::Static` via URL Prefix MatchingEPSS 0.4%CVE-2024-6556MEDIUMSmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2025-30439MEDIUMThe issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.EPSS 0.4%CVE-2024-26132MEDIUMElement Android can be asked to share internal files.EPSS 0.4%CVE-2025-7394HIGHIn the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for prEPSS 0.4%CVE-2025-62604MEDIUMMeterSphere logic flaw allows retrieval of arbitrary user informationEPSS 0.4%CVE-2017-12361—A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the JaEPSS 0.4%CVE-2025-53886MEDIUMDirectus doesn't redact tokens in Flow logsEPSS 0.4%CVE-2024-26478MEDIUMAn issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.EPSS 0.4%CVE-2026-49984HIGHKestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)EPSS 0.4%CVE-2026-30829MEDIUMCheckmate: Unauthenticated Access to Unpublished Status PageEPSS 0.4%CVE-2024-36829HIGHIncorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string.EPSS 0.4%CVE-2025-12738LOWEnumeration of restricted property valueEPSS 0.4%CVE-2024-42006HIGHKeyfactor AWS Orchestrator through 2.0 allows Information Disclosure.EPSS 0.4%CVE-2022-30736MEDIUMImproper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery wiEPSS 0.4%CVE-2026-4712HIGHInformation disclosure in the Widget: Cocoa componentEPSS 0.4%CVE-2024-11153MEDIUMContent Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2022-30743MEDIUMImproper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery wiEPSS 0.4%