VYPR

CWE-201

Insertion of Sensitive Information Into Sent Data

BaseDraft

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623

CVEs mapped to this weakness (240)

page 6 of 12
  • CVE-2025-68515MedMar 5, 2026
    risk 0.38cvss 5.8epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12.

  • CVE-2025-68855MedFeb 20, 2026
    risk 0.38cvss 5.9epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.

  • CVE-2025-59003MedDec 31, 2025
    risk 0.38cvss 5.8epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data.This issue affects ColorWay: from n/a through <= 4.2.3.

  • CVE-2025-49919MedDec 18, 2025
    risk 0.38cvss 5.8epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.

  • CVE-2025-49918MedDec 18, 2025
    risk 0.38cvss 5.9epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.

  • CVE-2025-64502MedNov 10, 2025
    risk 0.38cvss epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB `explain()` method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior…

  • CVE-2025-59578MedOct 22, 2025
    risk 0.38cvss 5.8epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6.

  • CVE-2025-53232MedOct 22, 2025
    risk 0.38cvss 5.8epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.

  • CVE-2025-53218MedOct 22, 2025
    risk 0.38cvss 5.8epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.5.

  • CVE-2025-27244MedApr 2, 2025
    risk 0.38cvss 5.9epss 0.00

    AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.

  • CVE-2025-26318MedMar 4, 2025
    risk 0.38cvss 5.8epss 0.01

    hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application.

  • CVE-2025-62062MedOct 22, 2025
    risk 0.36cvss 5.5epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through <= 1.7.0.

  • CVE-2024-43283MedAug 26, 2024
    risk 0.36cvss 5.3epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.

  • CVE-2026-7184MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote cluster authentication tokens via…

  • CVE-2026-44653MedJun 2, 2026
    risk 0.35cvss 6.5epss 0.00

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET…

  • CVE-2026-45582MedMay 29, 2026
    risk 0.35cvss 6.5epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's…

  • CVE-2026-24565MedJan 23, 2026
    risk 0.35cvss 6.5epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.2.

  • CVE-2025-62126MedDec 31, 2025
    risk 0.35cvss 5.3epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3.

  • CVE-2025-55750MedAug 29, 2025
    risk 0.35cvss 6.5epss 0.00

    Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via…

  • CVE-2025-24582MedJan 24, 2025
    risk 0.35cvss 5.3epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.