Weaknesses of type CWE-200
3,933 resultsCVE-2024-20904MEDIUMVulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versionsEPSS 0.4%CVE-2025-0441MEDIUMInappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitEPSS 0.4%CVE-2026-24422MEDIUMphpMyFAQ: Public API endpoints expose emails and invisible questionsEPSS 0.4%CVE-2024-20937MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported verEPSS 0.4%CVE-2026-39007HIGHAn issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export comEPSS 0.4%CVE-2023-33851MEDIUMIBM PowerVM Hypervisor information disclosureEPSS 0.4%CVE-2024-11351MEDIUMRestrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2025-32986HIGHNETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.EPSS 0.4%CVE-2024-11106MEDIUMSimple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2023-42829MEDIUMThe issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS EPSS 0.4%CVE-2024-8756MEDIUMQuform - WordPress Form Builder <= 2.20.0 - Unauthenticated Sensitive Information ExposureEPSS 0.4%CVE-2025-57430HIGHCreacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint reEPSS 0.4%CVE-2025-45994HIGHAn issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active Directory via sending a crafted POST requesEPSS 0.4%CVE-2024-6553MEDIUMWP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2024-47915HIGHVaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized ActorEPSS 0.4%CVE-2024-6566MEDIUMAramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2024-6571MEDIUMOptimize Images ALT Text (alt tag) & names for SEO using AI <= 3.1.1 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2024-6559MEDIUMXCloner <= 4.7.3 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2024-6548MEDIUMAdd Admin JavaScript <= 2.0 - Unauthenticated Full Path DislcosureEPSS 0.4%CVE-2024-6545MEDIUMAdmin Trim Interface <= 3.5.1 - Unauthenticated Full Path DisclosureEPSS 0.4%