Weaknesses of type CWE-200

3,943 results
CVE-2025-20624MEDIUMExposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow aEPSS 0.2%CVE-2026-53643HIGHFOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpointsEPSS 0.2%CVE-2026-11424HIGHServer-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information DisclosureEPSS 0.2%CVE-2026-54264HIGHAngular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service WorkerEPSS 0.2%CVE-2026-53640LOWFOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect dataEPSS 0.2%CVE-2022-20630MEDIUMCisco DNA Center Information Disclosure VulnerabilityEPSS 0.2%CVE-2021-21534MEDIUMDell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vuEPSS 0.2%CVE-2025-52372MEDIUMAn issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExteEPSS 0.2%CVE-2020-9082LOWThere is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the atEPSS 0.2%CVE-2026-43992CRITICALJunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameterEPSS 0.2%CVE-2025-55272LOWHCL Aftermarket DPC is affected by Banner Disclosure vulnerabilityEPSS 0.2%CVE-2026-1307MEDIUMNinja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor TokenEPSS 0.2%CVE-2026-34296MEDIUMVulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality ManageEPSS 0.2%CVE-2026-8993MEDIUMImproper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacksEPSS 0.2%CVE-2025-43460MEDIUMA logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locEPSS 0.2%CVE-2025-46388MEDIUMCWE-200 Exposure of Sensitive Information to an Unauthorized ActorEPSS 0.2%CVE-2023-29116MEDIUMPHP Information Disclosure in Enel X JuiceBoxEPSS 0.2%CVE-2026-33886MEDIUMStatamic's sensitive configuration values are exposed to content editors via Antlers-enabled fieldsEPSS 0.2%CVE-2026-30891MEDIUMDiscourse hasUnauthorized Exposure of Private User Action TypesEPSS 0.2%CVE-2026-41183MEDIUMFreeScout allows non-folder conversation queries to disclose assigned-only hidden conversationsEPSS 0.2%