CWE-598

Use of HTTP Request With Sensitive Query String

Parent: CWE-201 - Insertion of Sensitive Information Into Sent Data

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

74 vulnerabilities with CWE-598
CVE-2026-34020 HIGH
Apache OpenMeetings: Login Credentials Passed via GET Query Parameters
CVSS 7.5
CVE-2026-27949 LOW
Plane Exposes User Email (PII and part of credential) in GET Parameter
CVSS 2.0
CVE-2026-34969 HIGH
Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback
CVSS 7.5
CVE-2026-25118 HIGH
immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
CVSS 7.5
CVE-2026-33620 MEDIUM
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
CVSS 4.3
CVE-2026-31381 MEDIUM
Gainsight Assist plugin information disclosure
CVSS 5.3
CVE-2026-26196 MEDIUM
Gogs <0.14.2 - Info Disclosure
CVSS 5.3
CVE-2026-26721 HIGH
Key Systems GFMS 20230721a - Info Disclosure
CVSS 7.1
CVE-2026-23846 HIGH
Tugtainer <1.16.1 - Info Disclosure
CVSS 8.1
CVE-2026-22644 MEDIUM
Certain Requests - Open Redirect
CVSS 5.3
CVE-2025-14808 LOW
IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
CVSS 3.1
CVE-2025-14811 LOW
IBM Sterling Partner Engagement Manager 6.2.3.0-6.2.3.5/6.2.4.0-6.2.4.2 - Info Disclosure
CVSS 3.1
CVE-2025-13219 MEDIUM
IBM Aspera Orchestrator 3.0.0-4.1.2 - Info Disclosure
CVSS 5.9
CVE-2025-41772 HIGH
UBR - Info Disclosure
CVSS 7.5
CVE-2025-59873 MEDIUM
HCL ZIE for Web v16 - Info Disclosure
CVSS 5.9
CVE-2025-69634 CRITICAL
Dolibarr ERP & CRM <22.0.9 - CSRF
CVSS 9.0
CVE-2025-69270 CRITICAL
Broadcom DX NetOps Spectrum <24.3.8 - Info Disclosure
CVSS 9.8
CVE-2025-36371 MEDIUM
IBM i <7.7 - Info Disclosure
CVSS 6.5
CVE-2025-31954 MEDIUM
Hcltech Dryice Iautomate - Information Disclosure
CVSS 5.4
CVE-2025-32916 MEDIUM
Checkmk GmbH Checkmk <2.4.0p13-2.1.0 - Info Disclosure
CVSS 4.3
CVE-2025-58584 MEDIUM
HTTP Request - Info Disclosure
CVSS 5.3
CVE-2025-56551 HIGH
DirectAdmin <1.680 - XSS
CVSS 8.2
CVE-2025-50709 MEDIUM
Perplexity AI GPT-4 - Info Disclosure
CVSS 4.3
CVE-2025-50110 HIGH
AVTECH EagleEyes Lite <2.0.0 - Info Disclosure
CVSS 8.8
CVE-2025-54542 MEDIUM
QuickCMS <6.8 - Info Disclosure
CVSS 5.5