Weaknesses of type CWE-200
3,911 resultsCVE-2022-41859HIGHIn freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantiallEPSS 0.9%CVE-2024-11961MEDIUMGuangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosureEPSS 0.9%CVE-2022-47070HIGHNVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the secoEPSS 0.9%CVE-2021-41123MEDIUMExposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dllEPSS 0.9%CVE-2019-19283—A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about tEPSS 0.9%CVE-2024-38650CRITICALAn authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.EPSS 0.9%CVE-2025-59716MEDIUMownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insEPSS 0.9%CVE-2022-31068MEDIUMSensitive Data Exposure on Refused Inventory Files in GLPIEPSS 0.9%CVE-2021-21443LOWUnautorized listing of the customer user emailsEPSS 0.9%CVE-2023-2446MEDIUMUserPro <= 5.1.1 - Sensitive Information Disclosure via ShortcodeEPSS 0.8%CVE-2024-6569MEDIUMCampaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path DisclosureEPSS 0.8%CVE-2021-39224LOWFile path disclosure of shared files in OfficeOnline applicationEPSS 0.8%CVE-2023-0027MEDIUMRockwell Automation Modbus TCP AOI Server Could Leak Sensitive InformationEPSS 0.8%CVE-2023-24923MEDIUMMicrosoft OneDrive for Android Information Disclosure VulnerabilityEPSS 0.8%CVE-2022-24849MEDIUMContact to DisCatSharp-owned server using authenticated clientEPSS 0.8%CVE-2024-39676HIGHApache Pinot: Unauthorized endpoint exposed sensitive informationEPSS 0.8%CVE-2022-29241HIGHKnown or guessable hidden files may be accessed in Jupyter ServerEPSS 0.8%CVE-2021-34702MEDIUMCisco Identity Services Engine Sensitive Information Disclosure VulnerabilityEPSS 0.8%CVE-2021-37703MEDIUMInformation exposure in DiscourseEPSS 0.8%CVE-2024-28442HIGHDirectory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via tEPSS 0.8%