Weaknesses of type CWE-200

3,933 results
CVE-2025-23074LOWSpecial:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)EPSS 0.3%CVE-2021-3732A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows EPSS 0.3%CVE-2025-13596LOWImproper Error Handling Leading to Sensitive Information Disclosure in CIGES ≤ 2.15.6EPSS 0.3%CVE-2025-54468MEDIUMRancher sends sensitive information to external services through the `/meta/proxy` endpointEPSS 0.3%CVE-2026-56322HIGHCapgo - Information Disclosure via Unauthenticated /updates defaultChannel ParameterEPSS 0.3%CVE-2025-46279CRITICALA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.EPSS 0.3%CVE-2025-2228MEDIUMResponsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information ExposureEPSS 0.3%CVE-2026-27100MEDIUMJenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not EPSS 0.3%CVE-2025-3923MEDIUMPrevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2025-29486MEDIUMlibming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function.EPSS 0.3%CVE-2018-0368A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive informatEPSS 0.3%CVE-2024-39287MEDIUMDorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized ActorEPSS 0.3%CVE-2026-6728MEDIUMSlider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'EPSS 0.3%CVE-2025-9461MEDIUMdiyhi bbs File Compression FilePackageManageAction.java information disclosureEPSS 0.3%CVE-2026-8967HIGHInformation disclosure in the Graphics: WebGPU componentEPSS 0.3%CVE-2026-8966HIGHInformation disclosure in the IP Protection componentEPSS 0.3%CVE-2026-55450CRITICALLangflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leakEPSS 0.3%CVE-2026-35449MEDIUMWWBN AVideo has Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.phpEPSS 0.3%CVE-2026-1197LOWMineAdmin downloadById information disclosureEPSS 0.3%CVE-2025-52493MEDIUMPagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets apEPSS 0.3%