Weaknesses of type CWE-200
3,933 resultsCVE-2025-40940MEDIUMA vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behaviorEPSS 0.3%CVE-2022-31066MEDIUMConfiguration API in EdgeXFoundry exposes message bus credentials to local unauthenticated usersEPSS 0.3%CVE-2021-20332MEDIUMMongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an applicationEPSS 0.3%CVE-2026-5650MEDIUMcode-projects Online Application System for Admission oas.sql sensitive informationEPSS 0.3%CVE-2017-20210CRITICALPhoto StationEPSS 0.3%CVE-2026-6160MEDIUMcode-projects Simple ChatBox Endpoint chatbox.sql SimpleChatbox_PHP file information disclosureEPSS 0.3%CVE-2025-66027HIGHRallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy SettingsEPSS 0.3%CVE-2026-27611HIGHFileBrowser Quantum: Password Protection Not Enforced on Shared File LinksEPSS 0.3%CVE-2026-32865CRITICALOPEXUS eComplaint and eCase insecure password resetEPSS 0.3%CVE-2025-4390MEDIUMWP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2023-24588MEDIUMExposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticateEPSS 0.3%CVE-2025-15103HIGHDVP-12SE11T - Authentication Bypass via Partial Password DisclosureEPSS 0.3%CVE-2026-29108MEDIUMAuthenticated SuiteCRM Users Can Retrieve The Password Hash of Any UserEPSS 0.3%CVE-2024-45391HIGHTina search token leak via lock file in TinaCMSEPSS 0.3%CVE-2026-55993HIGHApache Camel Atmosphere Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling influencing internal behaviourEPSS 0.3%CVE-2023-34242LOWCilium vulnerable to information leakage via incorrect ReferenceGrant handlingEPSS 0.3%CVE-2026-5413MEDIUMNewgen OmniDocs GetWebApiConfiguration information disclosureEPSS 0.3%CVE-2025-67732HIGHDify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration EndpointEPSS 0.3%CVE-2025-15508MEDIUMMagic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2025-49653HIGHExposure of sensitive Information allows account takeoverEPSS 0.3%