CWE-200 · Information Disclosure

10160 CVEs classified under CWE-200 (Information Disclosure). Browse by severity and year.

Top CVEs for CWE-200
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40965 | Critical | 10.0 | 2026-06-01 | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) pr… |
| CVE-2026-42826 | Critical | 10.0 | 2026-05-07 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-29270 | Critical | 10.0 | 2025-10-31 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin pan… |
| CVE-2025-61481 | Critical | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to… |
| CVE-2025-53624 | Critical | 10.0 | 2025-07-09 | The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions pri… |
| CVE-2025-22612 | Critical | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization… |
| CVE-2023-6248 | Critical | 10.0 | 2023-11-21 | The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code… |
| CVE-2023-49103 | Critical | 10.0 | 2023-11-21 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php librar… |
| CVE-2023-42454 | Critical | 10.0 | 2023-09-18 | SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection st… |
| CVE-2022-29165 | Critical | 10.0 | 2022-05-20 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 a… |
| CVE-2021-41277 | Critical | 10.0 | 2021-11-17 | Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->ma… |
| CVE-2017-2320 | Critical | 10.0 | 2017-04-24 | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-… |
| CVE-2015-0987 | Critical | 10.0 | 2015-10-06 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remot… |
| CVE-2026-54305 | Critical | 9.9 | 2026-06-23 | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted… |
| CVE-2026-44881 | Critical | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and… |
| CVE-2026-21515 | Critical | 9.9 | 2026-04-24 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-32938 | Critical | 9.9 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file… |
| CVE-2025-68110 | Critical | 9.9 | 2025-12-17 | ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, use… |
| CVE-2025-55190 | Critical | 9.9 | 2025-09-04 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3… |
| CVE-2024-38650 | Critical | 9.9 | 2024-09-07 | An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. |