Weaknesses of type CWE-200

3,932 results
CVE-2025-11710CRITICALCross-process information leaked due to malicious IPC messagesEPSS 0.4%CVE-2026-4712HIGHInformation disclosure in the Widget: Cocoa componentEPSS 0.4%CVE-2023-39045An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.EPSS 0.4%CVE-2024-10548MEDIUMWP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST APIEPSS 0.4%CVE-2026-6492MEDIUMarnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosureEPSS 0.4%CVE-2023-39052An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.EPSS 0.4%CVE-2022-39018HIGHBroken access controls on PDFtron data in M-Files HubshareEPSS 0.4%CVE-2026-7166CRITICALMultiple vulnerabilities in the Assassin game by GaudireEPSS 0.4%CVE-2024-24755MEDIUMdiscourse-group-membership-ip-block is exposing potentially sensitive custom fieldsEPSS 0.4%CVE-2022-42843HIGHThis issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watcEPSS 0.4%CVE-2023-23499This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS EPSS 0.4%CVE-2025-49143MEDIUMNautobot may allows uploaded media files to be accessible without authenticationEPSS 0.4%CVE-2023-42666MEDIUMExposure of Sensitive Information to an Unauthorized Actor in DEXMA DEXGateEPSS 0.4%CVE-2026-58026NONE$wgNonincludableNamespaces can be bypassed by embedding redirect in other namespacesEPSS 0.4%CVE-2026-33761MEDIUMAVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User MappingsEPSS 0.4%CVE-2025-30724HIGHVulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.EPSS 0.4%CVE-2023-37232HIGHLoftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.EPSS 0.4%CVE-2026-58027MEDIUMQueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UIEPSS 0.4%CVE-2026-58024MEDIUMAPI identification of users on private wikisEPSS 0.4%CVE-2018-16883LOWsssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parEPSS 0.4%