CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class 285

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data). AI Chinese analysis included.

CWE-201 represents an information exposure weakness where software inadvertently transmits sensitive data to unauthorized external actors. This vulnerability typically arises when developers fail to sanitize output streams, allowing credentials, personally identifiable information, or internal system states to leak through network logs, error messages, or API responses. Attackers exploit this by intercepting traffic or analyzing server-side feedback to harvest critical secrets, facilitating further unauthorized access or identity theft. To mitigate this risk, developers must implement strict data filtering and validation protocols before transmission. Utilizing secure logging frameworks that mask sensitive fields, employing encryption for data in transit, and conducting regular code reviews to identify accidental data leaks are essential practices. Ensuring that only necessary, non-sensitive information is shared with external entities significantly reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Result · SQL
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28131 | WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability — Elementor Addon Elements | 6.5 | Medium | 2026-02-26 |
| CVE-2026-1694 | Server configuration details in HTTP headers — PcVue | 5.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27465 | Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users — fleet | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27516 | Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure — 10G08-0800GSM Network Switch | 7.5 | High | 2026-02-24 |
| CVE-2026-27514 | Tenda F3 Plaintext Credential Exposure in Configuration Download — Tenda F3 | 6.5 | Medium | 2026-02-23 |
| CVE-2025-68855 | WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability — JobBoard Job listing | 5.9 | Medium | 2026-02-20 |
| CVE-2026-25008 | WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability — Ninja Tables | 4.3 | Medium | 2026-02-19 |
| CVE-2025-7708 | Sensitive Data Exposure in Atlas Software's k12net — k12net | 6.8 | Medium | 2026-02-09 |
| CVE-2025-15329 | Tanium addressed an information disclosure vulnerability in Threat Response. — Threat Response | 4.9 | Medium | 2026-02-05 |
| CVE-2020-37150 | Edimax Technology EW-7438RPn-v3 Mini 1.27 - Unauthorized Access: Wi-Fi Password Disclosure — EW-7438RPn Mini | 7.5 | High | 2026-02-05 |
| CVE-2020-37093 | Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak — Netis E1+ | 7.5 | High | 2026-02-03 |
| CVE-2026-24427 | Tenda AC7 Exposes Admin Credentials in Configuration Responses — Tenda AC7 | 8.1 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-24992 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability — Advanced WooCommerce Product Sales Reporting | 5.3 | Medium | 2026-02-03 |
| CVE-2025-67857 | Moodle: moodle: data exposure of user identifiers in urls | 4.3 | Medium | 2026-02-03 |
| CVE-2026-1539 | Libsoup: libsoup: credential leakage via http redirects — Red Hat Enterprise Linux 10 | 5.8 | Medium | 2026-01-28 |
| CVE-2026-24477 | AnythingLLM has key leak in `systemSettings.js` — anything-llm | 9.1 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2026-24430 | Tenda W30E V2 HTTP Responses Expose Plaintext Credentials — W30E V2 | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2026-24589 | WordPress Cargus plugin <= 1.5.8 - Sensitive Data Exposure vulnerability — Cargus | 5.3 | Medium | 2026-01-23 |
| CVE-2026-24565 | WordPress B Accordion plugin <= 2.0.2 - Sensitive Data Exposure vulnerability — B Accordion | 6.5 | Medium | 2026-01-23 |
| CVE-2026-24559 | WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.3 - Sensitive Data Exposure vulnerability — Integration for Contact Form 7 HubSpot | 5.3 | Medium | 2026-01-23 |
| CVE-2026-24557 | WordPress Contact Form 7 GetResponse Extension plugin <= 1.0.8 - Sensitive Data Exposure vulnerability — Contact Form 7 GetResponse Extension | 5.3 | Medium | 2026-01-23 |
| CVE-2025-68035 | WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability — Tabby Checkout | 7.5 | High | 2026-01-22 |
| CVE-2025-68006 | WordPress Booking Ultra Pro plugin <= 1.1.23 - Sensitive Data Exposure vulnerability — Booking Ultra Pro | 6.5 | Medium | 2026-01-22 |
| CVE-2025-63019 | WordPress Cookies and Content Security Policy plugin <= 2.34 - Sensitive Data Exposure vulnerability — Cookies and Content Security Policy | 5.3 | Medium | 2026-01-22 |
| CVE-2026-23878 | HotCRP vulnerable to exposure of submitted documents — hotcrp | 6.5 | Medium | 2026-01-19 |
| CVE-2026-22246 | Local Mastodon users can enumerate and access severed relationships of every other local user — mastodon | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67931 | WordPress BulletProof Security plugin <= 6.9 - Sensitive Data Exposure vulnerability — BulletProof Security | 7.5 | High | 2026-01-08 |
| CVE-2026-22539 | INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP) — QC 60/90/120 | 5.3 | - | 2026-01-07 |
| CVE-2025-59955 | Coolify leak sensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint — coolify | 7.1 | - | 2026-01-05 |
| CVE-2025-68033 | WordPress Custom Related Posts plugin <= 1.8.0 - Sensitive Data Exposure vulnerability — Custom Related Posts | 7.5 | High | 2026-01-05 |

A total of 285 CVEs are classified as CWE-201 (Information Exposure Through Sent Data). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.