
CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class (285 CVEs)

285 vulnerabilities are classified as CWE-201 (Information Exposure Through Sent Data). AI-generated Chinese analysis included.

CWE-201 is an information exposure weakness in which software inadvertently transmits sensitive data to an actor that is not authorized to receive it. It typically arises when developers fail to sanitize output streams, so that credentials, personally identifiable information, or internal system state leak through network traffic, error messages, or API responses. Attackers exploit it by intercepting traffic or analyzing server-side feedback to harvest secrets that enable further unauthorized access or identity theft. To mitigate the risk, developers must filter and validate data before transmission: use logging frameworks that mask sensitive fields, encrypt data in transit, and review code regularly for accidental leaks. Sharing only the necessary, non-sensitive information with external entities significantly reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Common Consequences (1)
Scope: Confidentiality. Impact: Read Files or Directories, Read Memory, Read Application Data.
Sensitive data may be exposed to attackers.

Mitigations (4)
Phase: Requirements. Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Phase: Implementation. Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security-sensitive data being sent.
Phase: System Configuration. Set up default error messages so that unexpected errors do not disclose sensitive information.
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
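As an added example (not part of the MITRE entry or this page's source), here is how the "System Configuration" mitigation above can be applied to that MySQL warning: the client receives only a generic message plus a correlation id, while the detailed message is redacted before it is written to the server log. The redaction patterns and the function names are this example's own assumptions.

```python
import re
import uuid

# Redaction rules for fields that must not cross the trust boundary.
# These patterns are constructed for this example; extend them to the
# secrets your own application handles.
_SENSITIVE_PATTERNS = [
    # key/value secrets: "password: N1nj4", "token=abc", "api_key: ..."
    (re.compile(r"\b(password|passwd|pwd|token|api[_-]?key|secret)(\s*[=:]\s*)([^\s)]+)",
                re.IGNORECASE), r"\1\2[REDACTED]"),
    # account names and hosts: "user: 'root@localhost'"
    (re.compile(r"(user:\s*')([^']+)(')", re.IGNORECASE), r"\1[USER]\3"),
    # absolute filesystem paths reveal the internal layout of the server
    (re.compile(r"(/[\w.\-]+){2,}"), "[PATH]"),
]


def redact(text: str) -> str:
    """Mask sensitive fields in a message before it is written to an internal log."""
    for pattern, replacement in _SENSITIVE_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def error_response(internal_message: str) -> tuple[dict, str]:
    """Split an unexpected error into a client-safe view and a server log line.

    The client gets only a generic message plus a correlation id; the
    redacted detail stays server-side, linked to the client by that id.
    """
    correlation_id = uuid.uuid4().hex
    client_view = {"error": "internal error", "id": correlation_id}
    log_line = f"[{correlation_id}] {redact(internal_message)}"
    return client_view, log_line


# Constructed sample input: the MySQL warning quoted in the CWE-201 example.
SAMPLE = (
    "Warning: mysql_pconnect(): Access denied for user: 'root@localhost' "
    "(Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"
)

if __name__ == "__main__":
    client, log_line = error_response(SAMPLE)
    print(client)    # generic message and correlation id only
    print(log_line)  # credential, account and path are masked
```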
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-26318 | TSplus Remote Access security vulnerability | TSplus Remote Access | 5.8 | Medium | 2025-03-04
CVE-2025-24567 | WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability | WP Mailster | 6.5 | Medium | 2025-02-14
CVE-2025-24639 | WordPress Korea for WooCommerce plugin <= 1.1.11 - Sensitive Data Exposure vulnerability | Korea for WooCommerce | 6.5 | Medium | 2025-02-03
CVE-2025-24597 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.2 - Sensitive Data Exposure vulnerability | Barcode Generator for WooCommerce | 6.5 | Medium | 2025-01-31
CVE-2025-24858 | Gradle security vulnerability | Enterprise | 9.8 | - | 2025-01-26
CVE-2023-38013 | IBM Cloud Pak System information disclosure | Cloud Pak System | 5.3 | Medium | 2025-01-25
CVE-2025-24582 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Sensitive Data Exposure vulnerability | 12 Step Meeting List | 5.3 | Medium | 2025-01-24
CVE-2025-23781 | WordPress WM Options Import Export plugin <= 1.0.1 - Sensitive Data Exposure vulnerability | WM Options Import Export | 7.5 | High | 2025-01-22
CVE-2025-23774 | WordPress WPDB to Sql plugin <= 1.2 - Sensitive Data Exposure vulnerability | WPDB to Sql | 7.5 | High | 2025-01-22
CVE-2024-45653 | IBM Sterling Connect:Direct Web Services information disclosure | Sterling Connect:Direct Web Services | 4.3 | Medium | 2025-01-19
CVE-2024-50633 | Indico security vulnerability | Indico | - | - | 2025-01-16
CVE-2024-46665 | Fortinet FortiOS security vulnerability | FortiOS | 3.5 | Low | 2025-01-14
CVE-2024-13276 | File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040 | File Entity (fieldable files) | 7.1 | - | 2025-01-09
CVE-2024-13269 | Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033 | Advanced Varnish | 9.1 | - | 2025-01-09
CVE-2024-13259 | Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023 | Image Sizes | 9.1 | - | 2025-01-09
CVE-2024-13254 | REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018 | REST Views | 5.3 | - | 2025-01-09
CVE-2024-56300 | WordPress Post/Page Copying Tool plugin <= 2.0.0 - Sensitive Data Exposure vulnerability | Post/Page Copying Tool | 7.5 | High | 2025-01-07
CVE-2025-22303 | WordPress WP Mailster plugin <= 1.8.17.0 - Sensitive Data Exposure vulnerability | WP Mailster | 5.3 | Medium | 2025-01-07
CVE-2024-54309 | WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability | PostBox | 6.5 | Medium | 2024-12-13
CVE-2024-53804 | WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability | WP Mailster | 7.5 | High | 2024-12-06
CVE-2021-1425 | Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability | Cisco Secure Email and Web Manager | 4.3 | Medium | 2024-11-18
CVE-2024-3502 | Exposure of Sensitive Information in lunary-ai/lunary | lunary-ai/lunary | 6.5 | - | 2024-11-14
CVE-2024-50378 | Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli | Apache Airflow | 6.5 | - | 2024-11-08
CVE-2024-49235 | WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability | Contact Forms, Live Support, CRM, Video Messages | 7.5 | High | 2024-10-17
CVE-2024-6747 | Information leak in mknotifyd | Checkmk | 5.3 | Medium | 2024-10-10
CVE-2024-43814 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data | Pro ATAK Plugin | 4.3 | Medium | 2024-09-26
CVE-2024-41931 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data | Pro ATAK Plugin | 4.3 | Medium | 2024-09-26
CVE-2024-47128 | Insertion of Sensitive Information Into Sent Data in goTenna Pro | Pro | 4.3 | Medium | 2024-09-26
CVE-2024-8890 | Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT | CIRCUTOR Q-SMT | 8.0 | High | 2024-09-18
CVE-2024-7698 | Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products | FL MGUARD 2102 | 5.7 | Medium | 2024-09-10

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) account for 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.