CWE-359 · Exposure of Private Personal Information to an Unauthorized Actor

190 CVEs classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). Browse by severity and year.

Top CVEs for CWE-359
CVESeverityScorePublishedSummary
CVE-2022-0482Critical9.12022-03-09Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVE-2022-2921High8.82022-08-21Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation…
CVE-2023-36052High8.62023-11-14Azure CLI REST Command Information Disclosure Vulnerability
CVE-2024-26192High8.22024-02-23Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2025-66172High8.12026-05-08The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0…
CVE-2025-11959High8.12025-11-11Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information…
CVE-2023-36018High7.82023-11-14Visual Studio Code Jupyter Extension Spoofing Vulnerability
CVE-2024-42347High7.72024-08-06matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data t…
CVE-2024-11216High7.62025-03-05Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allow…
CVE-2023-50053High7.62024-04-30An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation…
CVE-2026-56124High7.52026-06-29phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploa…
CVE-2026-48615High7.52026-06-26A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in th…
CVE-2019-25762High7.52026-06-19Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by e…
CVE-2026-26237High7.52026-06-10A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data…
CVE-2026-28906High7.52026-05-11This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7…
CVE-2025-15623High7.52026-04-17Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability i…
CVE-2026-34226High7.52026-03-27Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current pa…
CVE-2020-37173High7.52026-02-11AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php end…
CVE-2026-24735High7.52026-02-04Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthe…
CVE-2025-65857High7.52025-12-22An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing h…