Do certificates always contain non-sensitive data?

Generally speaking, are certificates always non-sensitive? In the form of x509 certs, it’s really just a public key and some metadata right?

I see some things that call “certificates” the combination of the x509 public key certificate and the private key. But that’s not really a certificate at that point (PKCS#12) right? That’s more of a “bundle”?

Am I missing something, or is the word “certificate” maybe misused at times? Thanks in advance!