Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-212

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

115 vulnerabilities with CWE-212

CVE-2026-54421 MEDIUM

Openstack Ironic < 35.0.1 - Improper Removal of Sensitive Information Before Storage or Transfer

CVE-2026-46657 HIGH

Bludit's persistent authentication tokens not revoked upon account disablement

CVE-2026-36178 MEDIUM

GNCC GP5 7.1.76 - Sensitive Data Exposure via Incomplete Factory Reset

CVE-2026-45046 MEDIUM

Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

CVE-2026-27892 MEDIUM

FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

CVE-2026-42186 HIGH

OpenBao's Namespace Deletion May Not Delete Data Properly

CVE-2026-42880 CRITICAL

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

CVE-2026-43528 MEDIUM

OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

CVE-2026-43824 HIGH

Argo CD 3.2.0-3.2.11 - Info Disclosure

CVE-2026-20928 MEDIUM

Windows Recovery Environment Security Feature Bypass Vulnerability

CVE-2026-39937 HIGH

Global vanishing does not completely remove user email

CVE-2026-34214 HIGH

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

CVE-2026-32891 CRITICAL

Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS

CVE-2026-1182 MEDIUM

GitLab 8.14.0-18.7.5, 18.8.0-18.8.5, 18.9.0-18.9.1 - Authenticated Unauthorized Access to Confidential Issue Titles

CVE-2026-1732 MEDIUM

GitLab 12.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Confidential Issue Title Disclosure via Improper Filtering

CVE-2026-27640 HIGH

tfplan2md <1.26.1 - Info Disclosure

CVE-2025-8860 LOW

Red Hat Enterprise Linux 6-9 - Information Disclosure via QEMU uefi-vars Device Buffer Reuse

CVE-2025-61643 MEDIUM

MediaWiki <1.39.14, 1.43.4, 1.44.1 - Info Disclosure

CVE-2025-59955 MEDIUM

Coolify <= 4.0.0-beta.420.8 - Authenticated Information Disclosure via Team Members API

CVE-2025-68131 HIGH

cbor2 3.0.0-5.7.9 - Information Exposure via Shared Reference Tag

CVE-2025-61594 HIGH

URI < 0.12.5, 0.13.0-0.13.2, 1.0.0-1.0.3 - Exposure of Sensitive Information via URI Combination Operator

CVE-2025-14267 MEDIUM

M-Files Server <25.12.15491.7 - Info Disclosure

CVE-2025-65000 MEDIUM

Checkmk <=2.4.0p18, <=2.3.0 - Info Disclosure

CVE-2025-65965 HIGH

Grype 0.68.0-0.104.0 - Credential Disclosure via JSON Output File

CVE-2025-62483 MEDIUM

Zoom Client <6.5.10 - Info Disclosure

Page 1 of 5 Next

Details

Vulnerabilities 115

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy