Weaknesses of type CWE-200

3,932 results
CVE-2024-45805MEDIUMOpenCTI leaks support information due to inadequate access controlEPSS 0.3%CVE-2024-23228MEDIUMThis issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have bEPSS 0.3%CVE-2025-13683MEDIUMExposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions ServeEPSS 0.3%CVE-2024-43801MEDIUMPrivilege escalation to admin from a low-privileged user via SVG upload in JellyfinEPSS 0.3%CVE-2026-40965CRITICALCloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC EPSS 0.3%CVE-2024-23557LOWHCL Connections is vulnerable to a user enumeration vulnerabilityEPSS 0.3%CVE-2024-43237MEDIUMWordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-0525LOWIn affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could EPSS 0.3%CVE-2023-43123Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary filesEPSS 0.3%CVE-2026-41266HIGHFlowise: Sensitive Data Leak in public-chatbotConfigEPSS 0.3%CVE-2026-0950MEDIUMSpectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive DataEPSS 0.3%CVE-2026-21940HIGHVulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affecEPSS 0.3%CVE-2025-30352MEDIUMDirectus `search` query parameter allows enumeration of non permitted fieldsEPSS 0.3%CVE-2025-22956CRITICALOPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalatEPSS 0.3%CVE-2024-35682MEDIUMWordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-25333HIGHAn issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link.EPSS 0.3%CVE-2024-39807LOWChannel IDs of archived/restored channels leaked via webhook eventsEPSS 0.3%CVE-2026-30846HIGHWekan Exposes All Global Webhook Integrations through globalwebhooks PublicationEPSS 0.3%CVE-2021-27908MEDIUMIn all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user EPSS 0.3%CVE-2025-25195MEDIUMZulip events can leak private channel namesEPSS 0.3%