
CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class (285 CVEs)

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data). AI-generated Chinese analysis included.

CWE-201 is an information exposure weakness in which software transmits sensitive data to an actor who should not receive it. It typically arises when developers fail to sanitize what leaves the system, so credentials, personally identifiable information, or internal system state leak through network traffic, log output, error messages, or API responses. An attacker who can observe that traffic or read the server's feedback harvests those secrets and uses them for further unauthorized access or identity theft. To mitigate the risk, developers should filter and validate data before transmission: use logging frameworks that mask sensitive fields, return generic error messages to clients while keeping detail server-side, encrypt data in transit, and review code regularly for accidental leaks. Sending only the information a recipient actually needs reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security-sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Result · SQL
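As an added illustration (not from the CWE entry or from this page), the MySQL warning above modelled in Python: the leaky handler echoes the raw exception to the client, while the hardened handler returns a generic message with a correlation id and routes the detail through a redacting log filter. The exception text, the logger name, the handler functions and the `[REDACTED]` marker are constructed for the example.

```python
import logging
import re
import uuid

# Constructed exception text modelled on the MySQL warning quoted above;
# the password value is a placeholder, not a real credential.
LEAKY_DB_ERROR = ("Access denied for user: 'root@localhost' (Using password: N1nj4) "
                  "in /usr/local/www/wi-data/includes/database.inc on line 4")

# Field patterns whose values must never reach a client or a plaintext log.
SECRET_PATTERNS = [
    re.compile(r"(Using password:\s*)([^\s)]+)", re.I),
    re.compile(r"((?:password|token|secret|api[_-]?key)\s*[=:]\s*)([^\s)]+)", re.I),
    re.compile(r"(Authorization:\s*Bearer\s+)([^\s)]+)", re.I),
]

def redact(text: str) -> str:
    """Mask secret values but keep the field name so the log stays debuggable."""
    for pat in SECRET_PATTERNS:
        text = pat.sub(lambda m: m.group(1) + "[REDACTED]", text)
    return text

class RedactingFilter(logging.Filter):
    """Rewrites each record before any handler sees it, so no sink gets the raw value."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

log = logging.getLogger("cwe201.demo")   # constructed logger name
log.addFilter(RedactingFilter())

def connect_db() -> None:
    raise RuntimeError(LEAKY_DB_ERROR)   # stands in for a failed DB handshake

def handle_request_leaky() -> dict:
    """CWE-201 pattern: the raw exception text is sent to the remote actor."""
    try:
        connect_db()
    except Exception as exc:
        return {"status": 500, "body": f"Warning: mysql_pconnect(): {exc}"}

def handle_request_hardened() -> dict:
    """Mitigation: generic client message plus a correlation id; detail only in the redacted log."""
    try:
        connect_db()
    except Exception as exc:
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s db connect failed: %s", ref, exc)
        return {"status": 500, "body": f"Internal server error (ref {ref})"}
```

The correlation id lets an operator find the full (redacted) record server-side without the client ever seeing the path or credential.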
CVE ID · Title — Product · CVSS · Severity · Published
CVE-2025-31978 · HCL BigFix Service Management (SM) does not adequately sanitize or safely render — BigFix Service Management (SM) · 4.6 · Medium · 2026-05-06
CVE-2026-42379 · WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability — Templately · 7.7 · High · 2026-04-27
CVE-2026-5512 · Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API — Enterprise Server · 4.3 (AI) · Medium (AI) · 2026-04-21
CVE-2026-40161 · Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL — pipeline · 7.7 · High · 2026-04-21
CVE-2026-4525 · Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header — Vault · 7.5 · High · 2026-04-17
CVE-2026-5483 · Odh-dashboard: odh dashboard kubernetes service account exposure — Red Hat OpenShift AI 2.16 · 8.5 · High · 2026-04-10
CVE-2026-39912 · v2board / Xboard Authentication Token Exposure via loginWithMailLink — v2board · 9.1 · Critical · 2026-04-09
CVE-2026-39711 · WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Sensitive Data Exposure vulnerability — RT-Theme 18 | Extensions · 5.3 · Medium · 2026-04-08
CVE-2026-39709 · WordPress The Tribal plugin <= 1.3.4 - Sensitive Data Exposure vulnerability — The Tribal · 5.3 · Medium · 2026-04-08
CVE-2026-39586 · WordPress RepairBuddy plugin <= 4.1132 - Sensitive Data Exposure vulnerability — RepairBuddy · 5.3 · Medium · 2026-04-08
CVE-2026-39570 · WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability — 12 Step Meeting List · 5.3 · Medium · 2026-04-08
CVE-2026-39564 · WordPress Sunshine Photo Cart plugin < 3.6.2 - Sensitive Data Exposure vulnerability — Sunshine Photo Cart · 5.3 · Medium · 2026-04-08
CVE-2026-39542 · WordPress Doofinder for WooCommerce plugin <= 2.10.13 - Sensitive Data Exposure vulnerability — Doofinder for WooCommerce · 5.3 · Medium · 2026-04-08
CVE-2026-39473 · WordPress Simple History plugin <= 5.24.0 - Sensitive Data Exposure vulnerability — Simple History · 5.3 · Medium · 2026-04-08
CVE-2026-20151 · Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability — Cisco Smart Software Manager On-Prem · 7.3 · High · 2026-04-01
CVE-2026-4927 · Devolutions Server security vulnerability — Server · 6.5 (AI) · Medium (AI) · 2026-04-01
CVE-2026-34226 · Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies — happy-dom · 7.5 · High · 2026-03-27
CVE-2026-32538 · WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability — SMTP Mailer · 7.5 · High · 2026-03-25
CVE-2026-25339 · WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability — Contact Form by WPForms · 6.5 · Medium · 2026-03-25
CVE-2026-32829 · lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer — lz4_flex · 5.9 · - · 2026-03-20
CVE-2026-27935 · Discourse leaks private topic metadata to non-authorized users — discourse · 4.3 · - · 2026-03-19
CVE-2026-27934 · Discourse leaks private topic title and post excerpt via user action API endpoint — discourse · 4.3 · - · 2026-03-19
CVE-2026-2578 · Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts — Mattermost · 4.3 · Medium · 2026-03-16
CVE-2025-14483 · IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure — Sterling B2B Integrator · 4.3 · Medium · 2026-03-13
CVE-2026-32354 · WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability — WpEvently · 5.3 · Medium · 2026-03-13
CVE-2026-28481 · OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching — OpenClaw · 6.5 · Medium · 2026-03-05
CVE-2026-27406 · WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability — My Tickets · 7.5 · High · 2026-03-05
CVE-2026-27370 · WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability — Chaty · 7.5 · High · 2026-03-05
CVE-2026-23546 · WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability — Classified Listing · 6.5 · Medium · 2026-03-05
CVE-2025-68515 · WordPress WP Booking System plugin <= 2.0.19.12 - Sensitive Data Exposure vulnerability — WP Booking System · 5.8 · Medium · 2026-03-05

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) account for 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.