CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

294 vulnerabilities with CWE-201
CVE-2026-42379 HIGH
WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability
CVSS 7.7
CVE-2026-42042 MEDIUM
Axios <1.15.1, <0.31.1 - CSRF
CVSS 5.4
CVE-2026-5512 MEDIUM
Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API
CVSS 4.3
CVE-2026-40161 HIGH
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
CVSS 7.7
CVE-2026-4525 HIGH
Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
CVSS 7.5
CVE-2026-5483 HIGH
Odh-dashboard: odh dashboard kubernetes service account exposure
CVSS 8.5
CVE-2026-39912 CRITICAL
v2board / Xboard Authentication Token Exposure via loginWithMailLink
CVSS 9.1
CVE-2026-39711 MEDIUM
WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-39709 MEDIUM
WordPress The Tribal plugin <= 1.3.4 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-39586 MEDIUM
WordPress RepairBuddy plugin <= 4.1132 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-39570 MEDIUM
WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-39564 MEDIUM
WordPress Sunshine Photo Cart plugin < 3.6.2 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-39542 MEDIUM
WordPress Doofinder for WooCommerce plugin <= 2.10.13 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-39473 MEDIUM
WordPress Simple History plugin <= 5.24.0 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-20151 HIGH
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
CVSS 7.3
CVE-2026-4927 MEDIUM
Devolutions Server 2026.1.6-2026.1.11 - Info Disclosure
CVSS 6.5
CVE-2026-34226 HIGH
Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
CVSS 7.5
CVE-2026-32538 HIGH
WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-25339 MEDIUM
WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability
CVSS 6.5
CVE-2026-32829 HIGH
lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer
CVSS 7.5
CVE-2026-27935 MEDIUM
Discourse leaks private topic metadata to non-authorized users
CVE-2026-27934 HIGH
Discourse leaks private topic title and post excerpt via user action API endpoint
CVSS 7.5
CVE-2026-2578 MEDIUM
Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts
CVSS 4.3
CVE-2026-32354 MEDIUM
WpEvently <5.1.9 - Info Disclosure
CVSS 5.3
CVE-2026-28481 MEDIUM
OpenClaw <2026.1.30 - Info Disclosure
CVSS 6.5