VYPR

CWE-201

Insertion of Sensitive Information Into Sent Data

Base · Draft

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-217 · CAPEC-612 · CAPEC-613 · CAPEC-618 · CAPEC-619 · CAPEC-621 · CAPEC-622 · CAPEC-623

CVEs mapped to this weakness (240)

page 9 of 12
  • CVE-2025-31842 · Med · Apr 1, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data. This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0.

  • CVE-2025-30609 · Med · Mar 24, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data. This issue affects AppExperts: from n/a through <= 1.4.3.

  • CVE-2025-22303 · Med · Jan 7, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through <= 1.8.17.0.

  • CVE-2024-34812 · Med · May 14, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.8.

  • CVE-2024-34556 · Med · May 14, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders. This issue affects Barcode Scanner with Inventory & Order Manager:…

  • CVE-2025-62308 · Med · May 14, 2026
    risk 0.33 · cvss 5.1 · epss 0.00

    HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under…

  • CVE-2025-62305 · Med · May 14, 2026
    risk 0.33 · cvss 5.1 · epss 0.00

    HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.

  • CVE-2025-68516 · Med · Dec 24, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data. This issue affects Tablesome: from n/a through <= 1.1.35.1.

  • CVE-2025-62998 · Med · Dec 18, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through <= 1.2.7.

  • CVE-2025-62947 · Med · Oct 27, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data. This issue affects Publitio: from n/a through <= 2.2.5.

  • CVE-2017-16026 · Med · Jun 4, 2018
    risk 0.32 · cvss 5.9 · epss 0.03

    Request is an http client. If a request is made using `multipart`, and the body type is a `number`, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.

  • CVE-2026-41181 · Med · May 15, 2026
    risk 0.31 · cvss 5.8 · epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the…

  • CVE-2025-31978 · Med · May 6, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other…

  • CVE-2026-42042 · Med · Apr 24, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is…

  • CVE-2026-5512 · Med · Apr 21, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and…

  • CVE-2026-25008 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data. This issue affects Ninja Tables: from n/a through <= 5.2.5.

  • CVE-2025-68989 · Med · Dec 30, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data. This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68.

  • CVE-2025-63007 · Med · Dec 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data. This issue affects EventPrime: from n/a through <= 4.2.4.1.

  • CVE-2025-62994 · Med · Dec 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through <= 1.2.7.

  • CVE-2025-64351 · Med · Oct 31, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data. This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.