CWE-201 Information Exposure Through Sent Data: vulnerability list (285)

A summary of the 285 CVEs for the CWE-201 (Information Exposure Through Sent Data) weakness, with AI analysis in Chinese.

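CWE-201 is an information-disclosure weakness: code that transmits data to an external entity unintentionally includes sensitive information that the entity should not be able to access. Attackers typically obtain confidential data such as passwords, keys or personal information by intercepting network traffic or analysing logs, and then use it for identity forgery or further penetration. Developers should avoid recording sensitive fields in logs, debug output or API responses, apply the principle of data minimisation, and encrypt and mask transmitted content so that only necessary and authorised information is sent.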

MITRE CWE official description
CWE: CWE-201 Insertion of Sensitive Information Into Sent Data
Description: The code sends data to another entity, but part of the data contains sensitive information that the entity should not have access to.
Common consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Code example (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Result · SQL
CVE ID | Title | CVSS | Severity | Published
CVE-2025-55710 | WordPress plugin TaxoPress security vulnerability — TaxoPress | 4.3 | Medium | 2025-08-14
CVE-2025-54685 | WordPress plugin SureDash security vulnerability — SureDash | 6.5 | Medium | 2025-08-14
CVE-2025-8862 | YugabyteDB security vulnerability — YugabyteDB | 5.3 | - | 2025-08-11
CVE-2025-7204 | ConnectWise PSA security vulnerability — PSA | 6.5 | Medium | 2025-07-09
CVE-2025-53322 | WordPress plugin Accept Authorize.NET Payments Using Contact Form security vulnerability — Accept Authorize.NET Payments Using Contact Form 7 | 5.3 | Medium | 2025-06-27
CVE-2025-53309 | WordPress plugin Accept Stripe Payments Using Contact Form security vulnerability — Accept Stripe Payments Using Contact Form 7 | 5.3 | Medium | 2025-06-27
CVE-2025-49584 | XWiki Platform security vulnerability — xwiki-platform | 5.3 (AI) | Medium (AI) | 2025-06-13
CVE-2025-48261 | WordPress plugin MultiVendorX security vulnerability — MultiVendorX | 7.5 | High | 2025-06-09
CVE-2025-49294 | WordPress plugin Crawlomatic Multisite Scraper Post Generator security vulnerability — Crawlomatic Multisite Scraper Post Generator | 5.3 | Medium | 2025-06-06
CVE-2025-5733 | WordPress plugin Modern Events Calendar Lite security vulnerability — Modern Events Calendar Lite | 5.3 | Medium | 2025-06-06
CVE-2025-31134 | FreshRSS security vulnerability — FreshRSS | 5.3 (AI) | Medium (AI) | 2025-06-04
CVE-2025-48934 | Deno security vulnerability — deno | 7.5 (AI) | High (AI) | 2025-06-04
CVE-2025-48996 | open-apis security vulnerability — issues | 5.3 | Medium | 2025-06-02
CVE-2025-48331 | WordPress plugin WooCommerce Orders & Customers Exporter security vulnerability — WooCommerce Orders & Customers Exporter | 7.5 | High | 2025-05-30
CVE-2025-48381 | Computer Vision Annotation Tool security vulnerability — cvat | 4.3 (AI) | Medium (AI) | 2025-05-30
CVE-2025-48045 | MICI NetFax Server security vulnerability — NetFax Server | 7.5 (AI) | High (AI) | 2025-05-29
CVE-2025-39498 | WordPress plugin Spotlight Social Feeds security vulnerability — Spotlight - Social Media Feeds (Premium) | 5.3 | Medium | 2025-05-26
CVE-2025-47541 | WordPress plugin Mail Mint security vulnerability — Mail Mint | 7.5 | High | 2025-05-23
CVE-2025-48219 | O2 VoLTE security vulnerability — O2 | 3.5 | Low | 2025-05-18
CVE-2025-47775 | Bullfrog security vulnerability — bullfrog | 6.2 | Medium | 2025-05-14
CVE-2025-3529 | WordPress plugin Simple Shopping Cart security vulnerability — Simple Shopping Cart | 8.2 | High | 2025-04-23
CVE-2025-32594 | WordPress plugin Simple WP Events security vulnerability — Simple WP Events | 7.5 | High | 2025-04-17
CVE-2025-32635 | WordPress plugin Hive Support security vulnerability — Hive Support | 7.5 | High | 2025-04-17
CVE-2025-26335 | Dell PowerProtect Cyber Recovery security vulnerability — PowerProtect Cyber Recovery | 5.8 | Medium | 2025-04-11
CVE-2025-27244 | Hammock AssetView security vulnerability — AssetView | 7.5 | - | 2025-04-02
CVE-2025-31842 | WordPress plugin Viral Loops WP Integration security vulnerability — Viral Loops WP Integration | 5.3 | Medium | 2025-04-01
CVE-2025-27001 | WordPress plugin Shipmondo security vulnerability — Shipmondo – A complete shipping solution for WooCommerce | 6.5 | Medium | 2025-03-28
CVE-2025-30609 | WordPress plugin AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps security vulnerability — AppExperts | 5.3 | Medium | 2025-03-24
CVE-2025-2565 | Liferay Portal and Liferay DXP security vulnerability — Portal | 7.5 | - | 2025-03-20
CVE-2024-7872 | ExtremePacs Extreme XDS security vulnerability — Extreme XDS | 7.6 | High | 2025-03-06

CWE-201 (Information Exposure Through Sent Data) is a common weakness category; this platform lists 285 CVEs associated with it.