Weaknesses of type CWE-200

3,953 results
CVE-2025-55276LOWHCL Aftermarket DPC is affected by Internal IP Disclosure vulnerabilityEPSS 0.2%CVE-2026-32620MEDIUMDiscourse: Missing post-level authorization allows whisper metadata disclosureEPSS 0.2%CVE-2025-11645LOWTomofun Furbo Mobile App Authentication Token sensitive informationEPSS 0.2%CVE-2026-32618MEDIUMDiscourse: Unauthorized channel membership inference via excluded_memberships_channel_idEPSS 0.2%CVE-2026-32100MEDIUMswag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixesEPSS 0.2%CVE-2026-32951MEDIUMDiscourse: Authorization bypass in oneboxer via user-controlled category idEPSS 0.2%CVE-2023-42934MEDIUMAn information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17.EPSS 0.2%CVE-2025-2348MEDIUMIROAD Dash Cam FX2 HTTP/RTSP event information disclosureEPSS 0.2%CVE-2025-52473MEDIUMliboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20EPSS 0.2%CVE-2021-20260A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with EPSS 0.2%CVE-2026-5375LOWrunZero Platform API credential information leakEPSS 0.2%CVE-2024-0093MEDIUMCVEEPSS 0.2%CVE-2026-2317MEDIUMInappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a EPSS 0.2%CVE-2025-24220MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may bEPSS 0.2%CVE-2025-63579HIGHUnauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that enEPSS 0.2%CVE-2025-52631LOWHCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.EPSS 0.2%CVE-2021-3923LOWA flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel sEPSS 0.2%CVE-2025-13821MEDIUMUser profile update exposes password hash and MFA secretsEPSS 0.2%CVE-2026-4994MEDIUMwandb OpenUI APIStatusError server.py generic_exception_handler information exposureEPSS 0.2%CVE-2024-40647MEDIUMUnintentional exposure of environment variables to subprocesses in sentry-sdkEPSS 0.2%