
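CWE-201 Information Exposure Through Sent Data: vulnerability list (285)

A summary of the 285 CVE vulnerabilities classified under the CWE-201 (Information Exposure Through Sent Data) weakness, with AI-generated analysis in Chinese.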

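CWE-201 is an information-disclosure weakness: when transmitting data to an external entity, the code unintentionally includes sensitive information that the entity should not be able to access. Attackers typically steal confidential data such as passwords, keys, or personal information by intercepting network traffic or analyzing logs, and then use it for identity forgery or further penetration. Developers should avoid recording sensitive fields in logs, debug output, or API responses, apply the principle of data minimization, and encrypt and mask transmitted content so that only necessary and authorized information is sent.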

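MITRE CWE official description
CWE: CWE-201 Insertion of Sensitive Information Into Sent Data. Description: The code sends data to another entity, but part of the data contains sensitive information that the entity should not have access to.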
Common consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Code example (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Result · SQL
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31978 | HCL BigFix SM cross-site scripting vulnerability — BigFix Service Management (SM) | 4.6 | Medium | 2026-05-06 |
| CVE-2026-42379 | WordPress plugin Templately security vulnerability — Templately | 7.7 | High | 2026-04-27 |
| CVE-2026-5512 | GitHub Enterprise Server security vulnerability — Enterprise Server | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40161 | Tekton Pipelines security vulnerability — pipeline | 7.7 | High | 2026-04-21 |
| CVE-2026-4525 | HashiCorp Vault security vulnerability — Vault | 7.5 | High | 2026-04-17 |
| CVE-2026-5483 | Red Hat OpenShift AI security vulnerability — Red Hat OpenShift AI 2.16 | 8.5 | High | 2026-04-10 |
| CVE-2026-39912 | V2Board security vulnerability — v2board | 9.1 | Critical | 2026-04-09 |
| CVE-2026-39711 | WordPress plugin RT-Theme 18 Extensions security vulnerability — RT-Theme 18 \| Extensions | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39709 | WordPress plugin The Tribal security vulnerability — The Tribal | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39586 | WordPress plugin RepairBuddy security vulnerability — RepairBuddy | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39570 | WordPress plugin 12 Step Meeting List security vulnerability — 12 Step Meeting List | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39564 | WordPress plugin Sunshine Photo Cart security vulnerability — Sunshine Photo Cart | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39542 | WordPress plugin Doofinder for WooCommerce security vulnerability — Doofinder for WooCommerce | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39473 | WordPress plugin Simple History security vulnerability — Simple History | 5.3 | Medium | 2026-04-08 |
| CVE-2026-20151 | Cisco Smart Software Manager On-Prem security vulnerability — Cisco Smart Software Manager On-Prem | 7.3 | High | 2026-04-01 |
| CVE-2026-4927 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-34226 | happy-dom security vulnerability — happy-dom | 7.5 | High | 2026-03-27 |
| CVE-2026-32538 | WordPress plugin SMTP Mailer security vulnerability — SMTP Mailer | 7.5 | High | 2026-03-25 |
| CVE-2026-25339 | WordPress plugin Contact Form by WPForms security vulnerability — Contact Form by WPForms | 6.5 | Medium | 2026-03-25 |
| CVE-2026-32829 | lz4_flex security vulnerability — lz4_flex | 5.9 | - | 2026-03-20 |
| CVE-2026-27935 | Discourse security vulnerability — discourse | 4.3 | - | 2026-03-19 |
| CVE-2026-27934 | Discourse security vulnerability — discourse | 4.3 | - | 2026-03-19 |
| CVE-2026-2578 | Mattermost security vulnerability — Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2025-14483 | IBM Sterling B2B Integrator and IBM Sterling File Gateway security vulnerability — Sterling B2B Integrator | 4.3 | Medium | 2026-03-13 |
| CVE-2026-32354 | WordPress plugin WpEvently security vulnerability — WpEvently | 5.3 | Medium | 2026-03-13 |
| CVE-2026-28481 | OpenClaw security vulnerability — OpenClaw | 6.5 | Medium | 2026-03-05 |
| CVE-2026-27406 | WordPress plugin My Tickets security vulnerability — My Tickets | 7.5 | High | 2026-03-05 |
| CVE-2026-27370 | WordPress plugin Chaty security vulnerability — Chaty | 7.5 | High | 2026-03-05 |
| CVE-2026-23546 | WordPress plugin Classified Listing security vulnerability — Classified Listing | 6.5 | Medium | 2026-03-05 |
| CVE-2025-68515 | WordPress plugin WP Booking System security vulnerability — WP Booking System | 5.8 | Medium | 2026-03-05 |

CWE-201 (Information Exposure Through Sent Data) is a common weakness category; this platform lists 285 CVE vulnerabilities associated with it.