CWE-200 · Information Disclosure
10160 CVEs classified under CWE-200 (Information Disclosure). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40965 | Critical | 10.0 | 2026-06-01 | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) pr… |
| CVE-2026-42826 | Critical | 10.0 | 2026-05-07 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-29270 | Critical | 10.0 | 2025-10-31 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin pan… |
| CVE-2025-61481 | Critical | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to… |
| CVE-2025-53624 | Critical | 10.0 | 2025-07-09 | The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions pri… |
| CVE-2025-22612 | Critical | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization… |
| CVE-2023-6248 | Critical | 10.0 | 2023-11-21 | The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code… |
| CVE-2023-49103 | Critical | 10.0 | 2023-11-21 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php librar… |
| CVE-2023-42454 | Critical | 10.0 | 2023-09-18 | SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection st… |
| CVE-2022-29165 | Critical | 10.0 | 2022-05-20 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 a… |
| CVE-2021-41277 | Critical | 10.0 | 2021-11-17 | Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->ma… |
| CVE-2017-2320 | Critical | 10.0 | 2017-04-24 | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-… |
| CVE-2015-0987 | Critical | 10.0 | 2015-10-06 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remot… |
| CVE-2026-54305 | Critical | 9.9 | 2026-06-23 | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted… |
| CVE-2026-44881 | Critical | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and… |
| CVE-2026-21515 | Critical | 9.9 | 2026-04-24 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-32938 | Critical | 9.9 | 2026-03-20 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file… |
| CVE-2025-68110 | Critical | 9.9 | 2025-12-17 | ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, use… |
| CVE-2025-55190 | Critical | 9.9 | 2025-09-04 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3… |
| CVE-2024-38650 | Critical | 9.9 | 2024-09-07 | An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. |