Weaknesses of type CWE-200
3,942 resultsCVE-2025-6425MEDIUMThe WebCompat WebExtension shipped with Firefox exposed a persistent UUIDEPSS 0.2%CVE-2025-30435MEDIUMThis issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may beEPSS 0.2%CVE-2022-27575LOWInformation exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app inforEPSS 0.2%CVE-2025-12098MEDIUMAcademy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'EPSS 0.2%CVE-2025-11794MEDIUMPassword hash and MFA secret returned in user email verification endpointEPSS 0.2%CVE-2026-45080MEDIUMKlaw: Improper Access Control Allows Disclosure of Password HashEPSS 0.2%CVE-2025-12521MEDIUMAnalytify Pro <= 7.0.3 - Unauthenticated Information ExposureEPSS 0.2%CVE-2025-26711MEDIUMThere is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized EPSS 0.2%CVE-2025-12039MEDIUMBigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() ExposureEPSS 0.2%CVE-2025-12677MEDIUMKiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key ExposureEPSS 0.2%CVE-2024-44139LOWThe issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to aEPSS 0.2%CVE-2020-14335—A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flEPSS 0.2%CVE-2021-47403HIGHipack: ipoctal: fix module reference leakEPSS 0.2%CVE-2021-22276MEDIUMfree@home System Access Point FW integrity check can be bypassed.EPSS 0.2%CVE-2026-48210MEDIUMPossible information disclosure via External InterfaceEPSS 0.2%CVE-2023-29114MEDIUMUnauthorized System Log Disclosure in Enel X JuiceBoxEPSS 0.2%CVE-2023-5718MEDIUMThe Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creatiEPSS 0.2%CVE-2025-24226MEDIUMThe issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.EPSS 0.2%CVE-2026-9912MEDIUMInappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensEPSS 0.2%CVE-2024-40804MEDIUMThe issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious application may be able to access privatEPSS 0.2%