CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

324 vulnerabilities with CWE-201
CVE-2024-13269 MEDIUM
Drupal Advanced Varnish <4.0.11 - Info Disclosure
CVSS 5.3
CVE-2024-13259 HIGH
Drupal Image Sizes <3.0.2 - Info Disclosure
CVSS 7.5
CVE-2024-13254 HIGH
Drupal REST Views <3.0.1 - Info Disclosure
CVSS 7.5
CVE-2024-56300 HIGH
WPSpins Post/Page Copying Tool <2.0.0 - Info Disclosure
CVSS 7.5
CVE-2024-8429 MEDIUM
WiFiBurada < 1.0.5 - Use of Known Domain Credentials via Excessive Authentication Attempts
CVSS 4.3
CVE-2024-54309 MEDIUM
wpdebuglog PostBox <1.0.4 - Info Disclosure
CVSS 6.5
CVE-2024-53804 HIGH
WP Mailster <1.8.16.0 - Info Disclosure
CVSS 7.5
CVE-2024-3502 HIGH
lunary-ai/lunary <1.2.5 - Info Disclosure
CVSS 8.1
CVE-2024-50378 MEDIUM
Apache Airflow < 2.10.3 - Authenticated Sensitive Information Exposure in Audit Logs
CVSS 4.9
CVE-2024-49235 HIGH
Contact Forms, Live Support, CRM, Video Messages <= 1.10.2 - Sensitive Data Exposure via Embedded Data Retrieval
CVSS 7.5
CVE-2024-6747 MEDIUM
Checkmk <2.3.0p18, <2.2.0p36, <2.1.0p49, EOL - Info Disclosure
CVSS 5.3
CVE-2024-47128 MEDIUM
goTenna Pro < 1.6.1 and < 2.0.3 - Sensitive Information Exposure via Unencrypted Key Name Broadcast
CVSS 4.3
CVE-2024-43814 MEDIUM
goTenna Pro ATAK Plugin - Info Disclosure
CVSS 4.3
CVE-2024-41931 MEDIUM
goTenna Pro ATAK Plugin - Info Disclosure
CVSS 4.3
CVE-2024-8890 HIGH
CIRCUTOR Q-SMT <1.0.4 - Info Disclosure
CVSS 8.0
CVE-2024-7698 MEDIUM
Phoenix Contact mGuard Firmware < 8.9.3 - CSRF Token Exposure via Low Privilege Access
CVSS 5.7
CVE-2024-6586 HIGH
Lightdash 0.1024.6-<0.1027.2 - Authenticated Server-Side Request Forgery via Dashboard Export
CVSS 7.3
CVE-2024-43264 MEDIUM
Mediavine Create <1.9.8 - Info Disclosure
CVSS 5.3
CVE-2024-43259 MEDIUM
JEM Plugins Order Export for WooCommerce - Info Disclosure
CVSS 5.3
CVE-2024-43230 MEDIUM
Shared Files <1.7.28 - Info Disclosure
CVSS 5.3
CVE-2024-43283 MEDIUM
Contest Gallery <23.1.2 - Info Disclosure
CVSS 5.3
CVE-2024-38787 HIGH
Codection <1.26.8 - Info Disclosure
CVSS 7.5
CVE-2024-31200 MEDIUM
Proges Sensor Net Connect Firmware - Information Disclosure via Administrative Session
CVSS 4.2
CVE-2024-7205 CRITICAL
eWeLink Cloud Service <2.19.0 - Privilege Escalation
CVE-2024-38372 LOW
undici >=6.14.0 <6.19.2 - Information Exposure via response.arrayBuffer()
CVSS 2.0