CWE-598

Use of HTTP Request With Sensitive Query String

Parent: CWE-201 - Insertion of Sensitive Information Into Sent Data

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

80 vulnerabilities with CWE-598
CVE-2025-32916 MEDIUM
Checkmk GmbH Checkmk <2.4.0p13-2.1.0 - Info Disclosure
CVSS 4.3
CVE-2025-58584 MEDIUM
SICK Baggage Analytics < 4.6.3 - Credential Exposure via URL Query Parameters
CVSS 5.3
CVE-2025-56551 HIGH
DirectAdmin 1.680 - Unauthenticated Login Interface Spoofing via Crafted GET Request
CVSS 8.2
CVE-2025-50709 MEDIUM
Perplexity AI GPT-4 - Info Disclosure
CVSS 4.3
CVE-2025-50110 HIGH
AVTECH EagleEyes Lite <2.0.0 - Info Disclosure
CVSS 8.8
CVE-2025-54542 MEDIUM
QuickCMS 6.8 - Credential Exposure via GET Request
CVSS 5.5
CVE-2025-8997 MEDIUM
OpenText Enterprise Security Manager - Info Disclosure
CVE-2025-57800 HIGH
Audiobookshelf <2.26.3 - Open Redirect
CVSS 8.8
CVE-2025-51651 MEDIUM
Mccms 2.7.0 - Authenticated Arbitrary File Download via Backups.php
CVSS 5.5
CVE-2025-40742 MEDIUM
SIPROTEC 5 - Session Identifier Exposure via URL Query String
CVSS 5.3
CVE-2025-52901 MEDIUM
File Browser <2.33.9 - Info Disclosure
CVSS 4.5
CVE-2025-49188 MEDIUM
Sick Field Analytics - Information Disclosure via URL Parameters
CVSS 5.3
CVE-2025-3943 MEDIUM
Tridium Niagara <4.14.2-4.15.1-4.10.11 - Parameter Injection
CVSS 4.1
CVE-2025-3637 LOW
Moodle < 4.3.12 - Sensitive Query String Exposure in mod_data Edit and Delete Pages
CVSS 3.1
CVE-2025-32021 LOW
Weblate < 5.11 - Sensitive Information Exposure via Repository URL Query Parameter
CVSS 2.2
CVE-2025-24948 MEDIUM
JotUrl 2.0 - Credential Exposure via HTTP GET Request
CVSS 6.5
CVE-2025-2356 LOW
BlackVue App 3.65 - Sensitive Query String Exposure via API Handler
CVSS 3.7
CVE-2025-1738 MEDIUM
Trivision Camera NC227WF <5.8.0 - Info Disclosure
CVSS 6.2
CVE-2025-26058 MEDIUM
Webkul QloApps <1.6.1 - Info Disclosure
CVSS 4.2
CVE-2025-26473 HIGH
OutBack Power Mojave Inverter OGHI8048A Firmware - Sensitive Information Exposure via HTTP GET Request
CVSS 7.5
CVE-2025-0730 LOW
TP-Link TL-SG108E <1.0.0 Build 20201208 Rel. 40304 - Use After Free
CVSS 3.7
CVE-2025-22387 HIGH
Optimizely Configured Commerce <5.2.2408 - Info Disclosure
CVSS 7.5
CVE-2024-9877 MEDIUM
ABB ANC, ANC-L, and ANC-mini <= 1.1.4 - Sensitive Information Exposure via GET Request Query Strings
CVSS 4.3
CVE-2024-12012 MEDIUM
130.8005 TCP/IP Gateway <12h - Info Disclosure
CVSS 5.7
CVE-2024-41738 MEDIUM
IBM TXSeries for Multiplatforms 10.1 - Info Disclosure
CVSS 5.9