Weaknesses of type CWE-200

3,920 results
CVE-2024-13568HIGHFluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected DirectoryEPSS 0.4%CVE-2024-2080MEDIUMLiquidPoll – Polls, Surveys, NPS and Feedback Reviews <= 3.3.76 - Information ExposureEPSS 0.4%CVE-2025-30218LOWNext.js may leak x-middleware-subrequest-id to external hostsEPSS 0.4%CVE-2026-37452HIGHInsecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via EPSS 0.4%CVE-2026-37453HIGHInsecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via EPSS 0.4%CVE-2025-30214HIGHFrappe vulnerable to information disclosure leading to account takeoverEPSS 0.4%CVE-2024-13606HIGHJS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected DirectoryEPSS 0.4%CVE-2024-9538MEDIUMShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor TemplateEPSS 0.4%CVE-2024-31219MEDIUMDiscourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity pageEPSS 0.4%CVE-2025-3966MEDIUMitwanger paicoding Browsing History home information disclosureEPSS 0.4%CVE-2026-28962HIGHThis issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iEPSS 0.4%CVE-2024-34696MEDIUM GeoServer's Server Status shows sensitive environmental variables and Java propertiesEPSS 0.4%CVE-2024-32131MEDIUMWordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerabilityEPSS 0.4%CVE-2024-6455MEDIUMElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content FunctionEPSS 0.4%CVE-2025-6593LOW"{{SITENAME}} registered email address has been changed" email sent to unverified email addressesEPSS 0.4%CVE-2025-14198MEDIUMVerysync 微力同步 Web Administration download information disclosureEPSS 0.4%CVE-2023-27317MEDIUMInformation Disclosure Vulnerability in ONTAP 9 EPSS 0.4%CVE-2024-6544MEDIUMCustom Post Limits <= 4.4.1 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2024-35341HIGHCertain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFilEPSS 0.4%CVE-2025-59184MEDIUMStorage Spaces Direct Information Disclosure VulnerabilityEPSS 0.4%