Weaknesses of type CWE-200
3,920 resultsCVE-2024-10548MEDIUMWP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST APIEPSS 0.4%CVE-2024-24755MEDIUMdiscourse-group-membership-ip-block is exposing potentially sensitive custom fieldsEPSS 0.4%CVE-2025-49143MEDIUMNautobot may allows uploaded media files to be accessible without authenticationEPSS 0.4%CVE-2023-23499—This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS EPSS 0.4%CVE-2024-21040MEDIUMVulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versioEPSS 0.4%CVE-2023-37232HIGHLoftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.EPSS 0.4%CVE-2026-58026NONE$wgNonincludableNamespaces can be bypassed by embedding redirect in other namespacesEPSS 0.4%CVE-2026-42047HIGHInngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methodsEPSS 0.4%CVE-2023-42666MEDIUMExposure of Sensitive Information to an Unauthorized Actor in DEXMA DEXGateEPSS 0.4%CVE-2024-34991HIGHIn the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (EPSS 0.4%CVE-2018-16883LOWsssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parEPSS 0.4%CVE-2021-46891—Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affeEPSS 0.4%CVE-2026-58027MEDIUMQueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UIEPSS 0.4%CVE-2026-33761MEDIUMAVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User MappingsEPSS 0.4%CVE-2026-58024MEDIUMAPI identification of users on private wikisEPSS 0.4%CVE-2025-41230HIGHVMware Cloud Foundation Information Disclosure VulnerabilityEPSS 0.4%CVE-2015-8553MEDIUMXen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and IEPSS 0.4%CVE-2025-14280MEDIUMPixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log FileEPSS 0.4%CVE-2025-22961HIGHA critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due EPSS 0.4%CVE-2023-47799HIGHMahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administratEPSS 0.4%