CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 89 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3238 | Med | 0.42 | 6.5 | 0.03 | Aug 24, 2015 | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | ||
| CVE-2026-45300 | Hig | 0.41 | 7.4 | 0.00 | Jun 5, 2026 | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Cookie` headers to cross-origin redirect targets. When… | ||
| CVE-2026-44460 | Hig | 0.41 | 7.4 | 0.00 | May 27, 2026 | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP… | ||
| CVE-2026-44408 | Med | 0.41 | 6.3 | 0.00 | May 19, 2026 | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | ||
| CVE-2026-45539 | Hig | 0.41 | 7.4 | 0.01 | May 15, 2026 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rglob() calls and read each match with Path.read_text(), transparently following… | ||
| CVE-2026-41610 | Med | 0.41 | 6.3 | 0.01 | May 12, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-31370 | Med | 0.41 | 6.3 | 0.00 | Apr 21, 2026 | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | ||
| CVE-2026-33745 | Hig | 0.41 | 7.4 | 0.00 | Mar 27, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A… | ||
| CVE-2025-15065 | Med | 0.41 | 6.3 | 0.00 | Dec 29, 2025 | Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service,… | ||
| CVE-2024-50338 | Hig | 0.41 | 7.4 | 0.03 | Jan 14, 2025 | Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's… | ||
| CVE-2024-8553 | Med | 0.41 | 6.3 | 0.00 | Oct 31, 2024 | A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can… | ||
| CVE-2024-46548 | Med | 0.41 | 6.3 | 0.00 | Sep 30, 2024 | TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack. | ||
| CVE-2020-25836 | Med | 0.41 | 6.3 | 0.00 | Jul 16, 2024 | Exposure of Sensitive Information to an Unauthorized Access vulnerability in OpenText NetIQ Directory and Resource Administrator. This issue affects NetIQ Directory and Resource Administrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10. | ||
| CVE-2023-51437 | Hig | 0.41 | 7.4 | 0.01 | Feb 7, 2024 | Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users… | ||
| CVE-2023-50290 | Med | 0.41 | 6.5 | 0.69 | Jan 15, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the… | ||
| CVE-2023-1625 | Hig | 0.41 | 7.4 | 0.01 | Sep 24, 2023 | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of… | ||
| CVE-2023-30843 | Hig | 0.41 | 7.4 | 0.01 | Apr 26, 2023 | Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0… | ||
| CVE-2022-23633 | Hig | 0.41 | 7.4 | 0.02 | Feb 11, 2022 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next… | ||
| CVE-2021-41124 | Hig | 0.41 | 7.4 | 0.01 | Oct 5, 2021 | Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and… | ||
| CVE-2021-28169 | Med | 0.41 | 5.3 | 0.78 | Jun 9, 2021 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml… |
- risk 0.42cvss 6.5epss 0.03
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
- risk 0.41cvss 7.4epss 0.00
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Cookie` headers to cross-origin redirect targets. When…
- risk 0.41cvss 7.4epss 0.00
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP…
- risk 0.41cvss 6.3epss 0.00
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface.
- risk 0.41cvss 7.4epss 0.01
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rglob() calls and read each match with Path.read_text(), transparently following…
- risk 0.41cvss 6.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- risk 0.41cvss 6.3epss 0.00
Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
- risk 0.41cvss 7.4epss 0.00
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A…
- risk 0.41cvss 6.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service,…
- risk 0.41cvss 7.4epss 0.03
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can…
- risk 0.41cvss 6.3epss 0.00
TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.
- risk 0.41cvss 6.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Access vulnerability in OpenText NetIQ Directory and Resource Administrator. This issue affects NetIQ Directory and Resource Administrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10.
- risk 0.41cvss 7.4epss 0.01
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users…
- risk 0.41cvss 6.5epss 0.69
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the…
- risk 0.41cvss 7.4epss 0.01
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of…
- risk 0.41cvss 7.4epss 0.01
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0…
- risk 0.41cvss 7.4epss 0.02
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next…
- risk 0.41cvss 7.4epss 0.01
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and…
- risk 0.41cvss 5.3epss 0.78
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml…