VYPR

CWE-201

Insertion of Sensitive Information Into Sent Data

Base · Draft

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623

CVEs mapped to this weakness (240)

page 10 of 12
  • CVE-2025-62026 · Med · Oct 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data. This issue affects Blockspare: from n/a through <= 3.2.13.2.

  • CVE-2025-60095 · Med · Sep 26, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through <= 3.18.1.

  • CVE-2025-58649 · Med · Sep 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1.

  • CVE-2025-58252 · Med · Sep 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through <= 2.1.2.

  • CVE-2025-58249 · Med · Sep 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through <= 1.8.14.

  • CVE-2025-44017 · Med · Sep 2, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).

  • CVE-2024-8429 · Med · Dec 17, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5.

  • CVE-2024-37881 · Med · Jun 19, 2024
    risk 0.28 · cvss 5.3 · epss 0.01

    SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from…

  • CVE-2024-32796 · Med · Apr 24, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data. This issue affects WP Fusion Lite: from n/a through <= 3.42.10.

  • CVE-2024-32782 · Med · Apr 24, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor. This issue affects HT Mega: from n/a through <= 2.4.7.

  • CVE-2024-31278 · Med · Apr 10, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor. This issue affects Premium Addons for Elementor: from n/a through <= 4.10.22.

  • CVE-2026-34579 · Med · May 19, 2026
    risk 0.27 · cvss · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature. Using a crafted POST request to bug_monitor_add.php, a user with project-level access can add themselves…

  • CVE-2025-48996 · Med · Jun 2, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API…

  • CVE-2024-1435 · Med · Feb 29, 2024
    risk 0.27 · cvss 5.3 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan. This issue affects Tainacan: from n/a through <= 0.20.6.

  • CVE-2025-65944 · Med · Nov 25, 2025
    risk 0.26 · cvss · epss 0.00

    Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to…

  • CVE-2025-48219 · Low · May 18, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID…

  • CVE-2026-49370 · Low · May 29, 2026
    risk 0.22 · cvss 3.4 · epss 0.00

    In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

  • CVE-2025-58246 · Med · Sep 23, 2025
    risk 0.21 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges…

  • CVE-2025-55710 · Med · Aug 14, 2025
    risk 0.21 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through <= 3.37.2.

  • CVE-2024-32028 · Med · Apr 12, 2024
    risk 0.20 · cvss 4.1 · epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and…