CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 20 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0247 | Hig | 0.51 | 7.8 | 0.00 | Oct 22, 2016 | IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information. | ||
| CVE-2016-3946 | Hig | 0.51 | 7.8 | 0.00 | Oct 13, 2016 | SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | ||
| CVE-2016-6680 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2016 | CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and… | ||
| CVE-2016-3255 | Hig | 0.51 | 7.5 | 0.25 | Jul 13, 2016 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET… | ||
| CVE-2016-0287 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2016 | IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | ||
| CVE-2016-4913 | Hig | 0.51 | 7.8 | 0.01 | May 23, 2016 | The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via… | ||
| CVE-2015-3193 | Hig | 0.51 | 7.5 | 0.25 | Dec 6, 2015 | The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain… | ||
| CVE-2003-1567 | Hig | 0.51 | 7.5 | 0.25 | Jan 15, 2009 | The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly… | ||
| CVE-2026-6346 | Hig | 0.50 | 8.7 | 0.00 | May 18, 2026 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive… | ||
| CVE-2026-44738 | — | Hig | 0.50 | 7.7 | 0.00 | May 11, 2026 | Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration — including all plugin secrets (SMTP passwords, AWS… | |
| CVE-2026-4020 | Hig | 0.50 | 7.5 | 0.40 | Mar 31, 2026 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns… | ||
| CVE-2025-67718 | Hig | 0.50 | — | 0.00 | Dec 11, 2025 | Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or… | ||
| CVE-2025-61679 | Hig | 0.50 | 7.7 | 0.00 | Oct 3, 2025 | Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails,… | ||
| CVE-2025-32953 | Hig | 0.50 | 8.7 | 0.00 | Apr 18, 2025 | z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes… | ||
| CVE-2025-24886 | Hig | 0.50 | 7.7 | 0.00 | Jan 30, 2025 | pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates… | ||
| CVE-2025-24174 | Hig | 0.50 | 7.7 | 0.00 | Jan 27, 2025 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to bypass Privacy preferences. | ||
| CVE-2024-8326 | Hig | 0.50 | 8.8 | 0.01 | Dec 17, 2024 | The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it… | ||
| CVE-2024-48930 | Hig | 0.50 | — | 0.00 | Oct 21, 2024 | secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however,… | ||
| CVE-2024-47824 | Hig | 0.50 | — | 0.01 | Oct 15, 2024 | matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites… | ||
| CVE-2024-47080 | Hig | 0.50 | — | 0.01 | Oct 15, 2024 | matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061)… |
- risk 0.51cvss 7.8epss 0.00
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
- risk 0.51cvss 7.8epss 0.00
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.
- risk 0.51cvss 7.8epss 0.01
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and…
- risk 0.51cvss 7.5epss 0.25
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET…
- risk 0.51cvss 7.8epss 0.00
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
- risk 0.51cvss 7.8epss 0.01
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via…
- risk 0.51cvss 7.5epss 0.25
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain…
- risk 0.51cvss 7.5epss 0.25
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly…
- risk 0.50cvss 8.7epss 0.00
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive…
- risk 0.50cvss 7.7epss 0.00
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration — including all plugin secrets (SMTP passwords, AWS…
- risk 0.50cvss 7.5epss 0.40
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns…
- risk 0.50cvss —epss 0.00
Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or…
- risk 0.50cvss 7.7epss 0.00
Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails,…
- risk 0.50cvss 8.7epss 0.00
z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes…
- risk 0.50cvss 7.7epss 0.00
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates…
- risk 0.50cvss 7.7epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to bypass Privacy preferences.
- risk 0.50cvss 8.8epss 0.01
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it…
- risk 0.50cvss —epss 0.00
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however,…
- risk 0.50cvss —epss 0.01
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites…
- risk 0.50cvss —epss 0.01
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061)…