CWE-359 · Exposure of Private Personal Information to an Unauthorized Actor
190 CVEs classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-0482 | Critical | 9.1 | 2022-03-09 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. |
CVE-2022-2921 | High | 8.8 | 2022-08-21 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation… |
CVE-2023-36052 | High | 8.6 | 2023-11-14 | Azure CLI REST Command Information Disclosure Vulnerability |
CVE-2024-26192 | High | 8.2 | 2024-02-23 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
CVE-2025-66172 | High | 8.1 | 2026-05-08 | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0… |
CVE-2025-11959 | High | 8.1 | 2025-11-11 | Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information… |
CVE-2023-36018 | High | 7.8 | 2023-11-14 | Visual Studio Code Jupyter Extension Spoofing Vulnerability |
CVE-2024-42347 | High | 7.7 | 2024-08-06 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data t… |
CVE-2024-11216 | High | 7.6 | 2025-03-05 | Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allow… |
CVE-2023-50053 | High | 7.6 | 2024-04-30 | An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation… |
CVE-2026-56124 | High | 7.5 | 2026-06-29 | phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploa… |
CVE-2026-48615 | High | 7.5 | 2026-06-26 | A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in th… |
CVE-2019-25762 | High | 7.5 | 2026-06-19 | Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by e… |
CVE-2026-26237 | High | 7.5 | 2026-06-10 | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data… |
CVE-2026-28906 | High | 7.5 | 2026-05-11 | This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7… |
CVE-2025-15623 | High | 7.5 | 2026-04-17 | Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability i… |
CVE-2026-34226 | High | 7.5 | 2026-03-27 | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current pa… |
CVE-2020-37173 | High | 7.5 | 2026-02-11 | AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php end… |
CVE-2026-24735 | High | 7.5 | 2026-02-04 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthe… |
CVE-2025-65857 | High | 7.5 | 2025-12-22 | An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing h… |