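CWE-201 Information Exposure Through Sent Data: Vulnerability List (318)

A summary of 318 CVEs for the weakness class CWE-201 (Information Exposure Through Sent Data), with AI-generated analysis in Chinese.

CWE-201 is an information disclosure weakness: when transmitting data to an external entity, the code unintentionally includes sensitive information that the entity should not be able to access. Attackers typically obtain confidential data such as passwords, keys, or personal information by intercepting network traffic or analyzing logs, and then use it for identity spoofing or further penetration. Developers should avoid recording sensitive fields in logs, debug output, or API responses, apply the principle of data minimization, and encrypt and mask transmitted content so that only necessary and authorized information is sent.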

MITRE CWE Official Description
CWE: CWE-201 Insertion of Sensitive Information Into Sent Data
English: The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Code Example (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Result · SQL
CVE ID | Title | CVSS | Severity | Published
CVE-2026-22551 | Eclipse Theia <1.71.0 information disclosure vulnerability — Eclipse Theia | - | - | 2026-06-18
CVE-2024-35690 | Marketing Fire Widget Options information disclosure vulnerability — Widget Options | 6.5 | Medium | 2026-06-17
CVE-2026-52698 | WordPress PushEngage plugin <= 4.2.3 sensitive data exposure vulnerability — PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget | 7.4 | High | 2026-06-17
CVE-2026-34888 | WordPress Bricksforge plugin <=3.1.8.4 sensitive data exposure vulnerability — Bricksforge | 7.5 | High | 2026-06-17
CVE-2026-27868 | Teldat Regesta Smart HD-PLC sensitive information disclosure vulnerability — Regesta Smart HD-PLC - TLDPH16D2 | - | - | 2026-06-17
CVE-2026-54197 | WordPress GetGenie plugin <=4.4.1 sensitive data exposure vulnerability — GetGenie | 6.5 | Medium | 2026-06-16
CVE-2026-52695 | Al Monsor ABC Crypto Checkout information disclosure vulnerability — ABC Crypto Checkout | 7.5 | High | 2026-06-15
CVE-2026-52692 | wp.insider Affiliates Manager information disclosure vulnerability — Affiliates Manager | 7.5 | High | 2026-06-15
CVE-2026-49082 | Chatway Live Chat information disclosure vulnerability — Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons | 7.4 | High | 2026-06-15
CVE-2026-48965 | watchful xcloner information disclosure vulnerability — XCloner | 6.5 | Medium | 2026-06-15
CVE-2026-42667 | Bookly information disclosure vulnerability — Bookly | 7.5 | High | 2026-06-15
CVE-2026-42384 | NSquared Simply Schedule Appointments information disclosure vulnerability — Simply Schedule Appointments | 7.5 | High | 2026-06-15
CVE-2026-40789 | Melograno Venture Studio Amelia information disclosure vulnerability — Amelia | 7.5 | High | 2026-06-15
CVE-2026-39480 | Inisev Backup Migration information disclosure vulnerability — Backup Migration | 7.5 | High | 2026-06-15
CVE-2026-49064 | WordPress plugin GetPaid information disclosure vulnerability — GetPaid | 7.5 | High | 2026-06-15
CVE-2026-7184 | Mattermost information disclosure vulnerability — Mattermost | 6.5 | Medium | 2026-06-12
CVE-2026-44487 | Axios security vulnerability — axios | - | - | 2026-06-11
CVE-2026-46481 | OpenMetadata security vulnerability — OpenMetadata | 8.3 | High | 2026-06-08
CVE-2026-42539 | Iris security vulnerability — iris-web | 6.5 | Medium | 2026-06-04
CVE-2026-4035 | MLflow security vulnerability — mlflow/mlflow | - | - | 2026-06-03
CVE-2026-44653 | LibreChat security vulnerability — LibreChat | 6.5 | Medium | 2026-06-02
CVE-2026-35447 | NamelessMC security vulnerability — Nameless | - | - | 2026-06-02
CVE-2026-42673 | WordPress plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity security vulnerability — Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity | 7.5 | High | 2026-06-01
CVE-2026-49370 | JetBrains YouTrack security vulnerability — YouTrack | 3.4 | Low | 2026-05-29
CVE-2026-10101 | Red Hat assisted-service security vulnerability — Multicluster Engine for Kubernetes | 6.3 | Medium | 2026-05-29
CVE-2026-45582 | n8n-MCP security vulnerability — n8n-mcp | 6.5 | Medium | 2026-05-29
CVE-2026-42746 | WordPress plugin Smart Online Order for Clover security vulnerability — Smart Online Order for Clover | 7.3 | High | 2026-05-27
CVE-2026-48877 | WordPress plugin GenerateBlocks security vulnerability — GenerateBlocks | 6.5 | Medium | 2026-05-27
CVE-2026-41181 | Traefik security vulnerability — traefik | - | - | 2026-05-15
CVE-2025-62305 | HCL AION security vulnerability — AION | 5.1 | Medium | 2026-05-14

CWE-201 (Information Exposure Through Sent Data) is a common weakness category; this platform lists 318 CVE vulnerabilities associated with it.