VYPR

CWE-201

Insertion of Sensitive Information Into Sent Data

Base · Draft

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623

CVEs mapped to this weakness (240)

page 3 of 12
  • CVE-2024-56300 · High · Jan 7, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Retrieve Embedded Sensitive Data. This issue affects Post/Page Copying Tool: from n/a through <= 2.0.0.

  • CVE-2024-53804 · High · Dec 6, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through <= 1.8.16.0.

  • CVE-2024-49235 · High · Oct 17, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data. This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through <=…

  • CVE-2024-38787 · High · Aug 13, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta. This issue affects Import and export users and customers: from n/a through <= 1.26.8.

  • CVE-2016-10519 · High · May 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.

  • CVE-2026-49082 · High · Jun 15, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.

  • CVE-2026-46481 · High · Jun 8, 2026
    risk 0.47 · cvss 8.3 · epss 0.00

    OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in…

  • CVE-2026-42746 · High · May 27, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data. This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.

  • CVE-2026-20151 · High · Apr 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An…

  • CVE-2023-6916 · High · Apr 10, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.

  • CVE-2025-66566 · High · Dec 5, 2025
    risk 0.46 · cvss · epss 0.01

    yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where…

  • CVE-2025-8862 · High · Aug 11, 2025
    risk 0.46 · cvss · epss 0.00

    YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.

  • CVE-2025-3529 · High · Apr 23, 2025
    risk 0.46 · cvss 8.2 · epss 0.00

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and…

  • CVE-2026-45049 · High · Jun 23, 2026
    risk 0.45 · cvss · epss

    An Information Exposure Through Sent Data (CWE-201) issue in OpenAM's Cross-Domain Single Sign-On (CDSSO) servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition…

  • CVE-2025-7708 · Medium · Feb 9, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not…

  • CVE-2026-4035 · High · Jun 3, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because…

  • CVE-2026-40161 · High · Apr 21, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a…

  • CVE-2025-66035 · High · Nov 26, 2025
    risk 0.43 · cvss · epss 0.01

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability…

  • CVE-2026-54197 · Medium · Jun 16, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

  • CVE-2026-48965 · Medium · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.