CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 27 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47922 | — | Hig | 0.49 | 7.5 | 0.00 | Dec 30, 2024 | Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |
| CVE-2024-56509 | Hig | 0.49 | 8.6 | 0.01 | Dec 27, 2024 | changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur… | ||
| CVE-2024-21549 | Hig | 0.49 | 8.6 | 0.01 | Dec 20, 2024 | Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a… | ||
| CVE-2024-51163 | Hig | 0.49 | 7.5 | 0.01 | Nov 20, 2024 | A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to… | ||
| CVE-2024-47915 | — | Hig | 0.49 | 7.5 | 0.00 | Nov 14, 2024 | VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |
| CVE-2024-6861 | Hig | 0.49 | 7.5 | 0.01 | Nov 6, 2024 | A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. | ||
| CVE-2024-48824 | Hig | 0.49 | 7.5 | 0.00 | Oct 14, 2024 | An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component. | ||
| CVE-2024-48789 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||
| CVE-2024-48799 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48798 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48797 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-48796 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2024 | An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. | ||
| CVE-2024-45624 | Hig | 0.49 | 7.5 | 0.01 | Sep 12, 2024 | Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved. | ||
| CVE-2024-38747 | Hig | 0.49 | 7.5 | 0.00 | Aug 13, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a… | ||
| CVE-2024-41696 | Hig | 0.49 | 7.5 | 0.00 | Jul 30, 2024 | Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2024-37115 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8. | ||
| CVE-2024-37110 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | ||
| CVE-2023-52237 | — | Hig | 0.49 | 7.5 | 0.00 | Jul 9, 2024 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM… | |
| CVE-2024-39182 | Hig | 0.49 | 7.5 | 0.00 | Jul 5, 2024 | An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779). | ||
| CVE-2024-5753 | Hig | 0.49 | 7.5 | 0.01 | Jul 5, 2024 | vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by… |
- risk 0.49cvss 7.5epss 0.00
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.49cvss 8.6epss 0.01
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur…
- risk 0.49cvss 8.6epss 0.01
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a…
- risk 0.49cvss 7.5epss 0.01
A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to…
- risk 0.49cvss 7.5epss 0.00
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.49cvss 7.5epss 0.01
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
- risk 0.49cvss 7.5epss 0.00
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component.
- risk 0.49cvss 7.5epss 0.01
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.
- risk 0.49cvss 7.5epss 0.01
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
- risk 0.49cvss 7.5epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a…
- risk 0.49cvss 7.5epss 0.00
Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
- risk 0.49cvss 7.5epss 0.00
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM…
- risk 0.49cvss 7.5epss 0.00
An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779).
- risk 0.49cvss 7.5epss 0.01
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by…