Weaknesses of type CWE-200

3,920 results
CVE-2025-7394HIGHIn the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for prEPSS 0.4%CVE-2024-26478MEDIUMAn issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.EPSS 0.4%CVE-2024-36829HIGHIncorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string.EPSS 0.4%CVE-2026-49984HIGHKestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)EPSS 0.4%CVE-2025-12738LOWEnumeration of restricted property valueEPSS 0.4%CVE-2026-30829MEDIUMCheckmate: Unauthenticated Access to Unpublished Status PageEPSS 0.4%CVE-2026-4712HIGHInformation disclosure in the Widget: Cocoa componentEPSS 0.4%CVE-2022-30736MEDIUMImproper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery wiEPSS 0.4%CVE-2024-42006HIGHKeyfactor AWS Orchestrator through 2.0 allows Information Disclosure.EPSS 0.4%CVE-2025-11710CRITICALCross-process information leaked due to malicious IPC messagesEPSS 0.4%CVE-2024-11153MEDIUMContent Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2023-26441MEDIUMCacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An atEPSS 0.4%CVE-2022-30743MEDIUMImproper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery wiEPSS 0.4%CVE-2025-29745HIGHA vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTEPSS 0.4%CVE-2023-39052An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.EPSS 0.4%CVE-2026-7166CRITICALMultiple vulnerabilities in the Assassin game by GaudireEPSS 0.4%CVE-2023-39045An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.EPSS 0.4%CVE-2024-10548MEDIUMWP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST APIEPSS 0.4%CVE-2026-6492MEDIUMarnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosureEPSS 0.4%CVE-2024-24755MEDIUMdiscourse-group-membership-ip-block is exposing potentially sensitive custom fieldsEPSS 0.4%