Weaknesses of type CWE-200
3,943 resultsCVE-2026-56242HIGHCapgo - Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPCEPSS 0.3%CVE-2026-6000MEDIUMcode-projects Online Library Management System SQL Database Backup File library.sql information disclosureEPSS 0.3%CVE-2026-44786HIGHDiscourse: Public chat MessageBus broadcasts are not restricted to chat-eligible usersEPSS 0.3%CVE-2026-5960MEDIUMcode-projects Patient Record Management System SQL Database Backup File hcpms.sql information disclosureEPSS 0.3%CVE-2025-6745MEDIUMWoodMart <= 8.2.5 - Unauthenticated Post DisclosureEPSS 0.3%CVE-2025-13758LOWExposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.EPSS 0.3%CVE-2025-52669MEDIUMInsecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to havEPSS 0.3%CVE-2024-25011MEDIUMEricsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information VulnerabilityEPSS 0.3%CVE-2026-41659LOWAdmidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member AssignmentEPSS 0.3%CVE-2022-27576LOWInformation exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app EPSS 0.3%CVE-2020-13481MEDIUMCertain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive informationEPSS 0.3%CVE-2026-43885HIGHWWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing AuthorizationEPSS 0.3%CVE-2025-30463MEDIUMThe issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 1EPSS 0.3%CVE-2026-12408MEDIUMSlim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' ParameterEPSS 0.3%CVE-2025-11644LOWTomofun Furbo 360/Furbo Mini UART sensitive informationEPSS 0.3%CVE-2021-20256—A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hEPSS 0.3%CVE-2024-31799MEDIUMInformation Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via thEPSS 0.3%CVE-2026-6347HIGHMattermost Calls plugin exposes TURN server credentials in plaintext in support packetsEPSS 0.3%CVE-2021-25332LOWImproper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscrEPSS 0.3%CVE-2021-25333LOWImproper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreEPSS 0.3%