CWE-209

High likelihood

Generation of Error Message Containing Sensitive Information

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product generates an error message that includes sensitive information about its environment, users, or associated data.

561 vulnerabilities with CWE-209
CVE-2026-47248 MEDIUM
Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers
CVE-2026-40997 MEDIUM
SOAP security faults leak Spring Security account state
CVSS 5.3
CVE-2026-41730 MEDIUM
Spring Data REST exposes persistence-layer internals in error responses
CVSS 5.3
CVE-2026-9794 MEDIUM
Keycloak: information disclosure via SAML ECP endpoint
CVSS 5.3
CVE-2026-42459 HIGH
free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm
CVSS 7.5
CVE-2026-1248 MEDIUM
IBM Business Automation Workflow information leak
CVSS 4.3
CVE-2026-9583 MEDIUM
SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php information exposure
CVSS 4.3
CVE-2026-45728 HIGH
Algernon: Single-file mode unconditionally enables debug mode
CVSS 7.5
CVE-2026-5511 LOW
Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72
CVSS 2.7
CVE-2026-7860 LOW
Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build
CVE-2026-41935 HIGH
Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service
CVSS 7.1
CVE-2026-42552 HIGH
Flight: Sensitive information disclosure via default error handler in flightphp/core
CVSS 7.5
CVE-2026-44002 MEDIUM
vm2: Host File Path Disclosure via Stack Trace Information Leak
CVSS 5.8
CVE-2026-43873 HIGH
WWBN AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server
CVSS 7.5
CVE-2026-44226 MEDIUM
pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI
CVSS 5.3
CVE-2026-41644 HIGH
monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh
CVSS 7.1
CVE-2026-41931 MEDIUM
Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler
CVSS 5.3
CVE-2026-40969 LOW
Spring gRPC AuthenticationException message reflected to remote client
CVSS 3.7
CVE-2026-3259 HIGH
Sensitive Data Disclosure in BigQuery via Materialized View Error Messages
CVE-2026-40245 HIGH
Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
CVSS 7.5
CVE-2026-29146 HIGH
Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
CVSS 7.5
CVE-2026-24511 MEDIUM
Dell PowerScale OneFS 9.5.0.0-9.10.1.6 and 9.11.0.0-9.13.0.0 - Authenticated Information Disclosure via Error Message
CVSS 4.4
CVE-2026-34045 HIGH
Podman Desktop WebView Server Exposed
CVSS 8.2
CVE-2026-4994 LOW
wandb OpenUI APIStatusError server.py generic_exception_handler information exposure
CVSS 3.5
CVE-2026-28786 MEDIUM
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
CVSS 4.3