CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class (285 CVEs)

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data). AI Chinese analysis included.

CWE-201 represents an information exposure weakness where software inadvertently transmits sensitive data to unauthorized external actors. This vulnerability typically arises when developers fail to sanitize output streams, allowing credentials, personally identifiable information, or internal system states to leak through network logs, error messages, or API responses. Attackers exploit this by intercepting traffic or analyzing server-side feedback to harvest critical secrets, facilitating further unauthorized access or identity theft.

To mitigate this risk, developers must implement strict data filtering and validation protocols before transmission. Utilizing secure logging frameworks that mask sensitive fields, employing encryption for data in transit, and conducting regular code reviews to identify accidental data leaks are essential practices. Ensuring that only necessary, non-sensitive information is shared with external entities significantly reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Common Consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.

Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security-sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…

Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-20789 | MediaTek Chipsets security vulnerability — MT6781, MT6833, MT6853, MT6877, MT6893, MT8196 | 5.0 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-66035 | Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs — angular | 6.5 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-65944 | Sentry-Javascript deals with leaked sensitive headers when `sendDefaultPii` is set to `true` — sentry-javascript | 9.9 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-64299 | LogStare Collector security vulnerability — LogStare Collector (for Windows) | 4.9 | - | 2025-11-21 |
| CVE-2025-52639 | HCL Connections is vulnerable to sensitive information disclosure — Connections | 3.5 | Low | 2025-11-18 |
| CVE-2025-2615 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | 4.3 | Medium | 2025-11-15 |
| CVE-2025-7000 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | 4.3 | Medium | 2025-11-15 |
| CVE-2025-64748 | Directus's conceal fields are searchable if read permissions enabled — directus | 6.5 | Medium | 2025-11-13 |
| CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability — Windows 10 Version 1809 | 5.5 | Medium | 2025-11-11 |
| CVE-2025-64502 | Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details — parse-server | 5.3 | - | 2025-11-10 |
| CVE-2025-62039 | WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability — AI ChatBot with ChatGPT and Content Generator by AYS | 7.5 | High | 2025-11-06 |
| CVE-2025-62038 | WordPress MeetingHub plugin <= 1.23.9 - Sensitive Data Exposure vulnerability — MeetingHub | 6.5 | Medium | 2025-11-06 |
| CVE-2025-60188 | WordPress Atarim plugin <= 4.2.1 - Sensitive Data Exposure vulnerability — Atarim | 7.5 | High | 2025-11-06 |
| CVE-2025-55155 | MantisBT: Authentication bypass for some passwords due to PHP type juggling — mantisbt | 5.4 | Medium | 2025-11-04 |
| CVE-2025-64351 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability — Rank Math SEO | 4.3 | Medium | 2025-10-31 |
| CVE-2025-62979 | WordPress ACF to REST API plugin <= 3.3.4 - Sensitive Data Exposure vulnerability — ACF to REST API | 5.3 | Medium | 2025-10-27 |
| CVE-2025-62947 | WordPress Publitio plugin <= 2.2.5 - Sensitive Data Exposure vulnerability — Publitio | 5.0 | Medium | 2025-10-27 |
| CVE-2025-62895 | WordPress Atarim plugin <= 4.2.1 - Sensitive Data Exposure vulnerability — Atarim | 5.3 | Medium | 2025-10-27 |
| CVE-2025-62062 | WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability — Easy Post Submission | 5.3 | Medium | 2025-10-22 |
| CVE-2025-62026 | WordPress Blockspare plugin <= 3.2.13.2 - Sensitive Data Exposure vulnerability — Blockspare | 4.3 | Medium | 2025-10-22 |
| CVE-2025-59579 | WordPress Simple Job Board plugin <= 2.13.7 - Sensitive Data Exposure vulnerability — Simple Job Board | 7.5 | High | 2025-10-22 |
| CVE-2025-59578 | WordPress ShopMagic plugin <= 4.5.6 - Sensitive Data Exposure vulnerability — ShopMagic | 5.8 | Medium | 2025-10-22 |
| CVE-2025-53232 | WordPress WP Gmail SMTP plugin <= 1.0.7 - Sensitive Data Exposure vulnerability — WP Gmail SMTP | 5.8 | Medium | 2025-10-22 |
| CVE-2025-53218 | WordPress AppExperts plugin <= 1.4.5 - Sensitive Data Exposure vulnerability — AppExperts | 5.8 | Medium | 2025-10-22 |
| CVE-2025-59268 | BIG-IP Configuration utility vulnerability — BIG-IP | 5.3 | Medium | 2025-10-15 |
| CVE-2024-47569 | Fortinet multiple products security vulnerability — FortiManager Cloud | 4.2 | Medium | 2025-10-14 |
| CVE-2025-43825 | Liferay Portal and Liferay DXP security vulnerability — Portal | 9.1 (AI) | Critical (AI) | 2025-10-03 |
| CVE-2025-11025 | Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform — Vimesoft Corporate Messaging Platform | 5.3 | Medium | 2025-09-26 |
| CVE-2025-9958 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | 7.7 | High | 2025-09-26 |
| CVE-2025-60140 | WordPress The Tribal Plugin <= 1.3.3 - Sensitive Data Exposure Vulnerability — The Tribal | 5.3 | Medium | 2025-09-26 |

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) represent 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.