VYPR

CWE-202

Exposure of Sensitive Information Through Data Queries

Abstraction: Base
Status: Draft
Likelihood of Exploit: Medium

Description

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

In situations where data should not be tied to individual users, but a large number of users are allowed to run queries whose results are supposed to "scrub" user identities, it may still be possible to obtain information about a specific user, e.g., by specifying search terms that are known to be unique to that user.

Hierarchy (View 1000)

Parents

Children: none

CVEs mapped to this weakness (15)

  • CVE-2025-69662 (High) Jan 30, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

  • CVE-2024-6400 (High) Oct 4, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This…

  • CVE-2023-7072 (High) Mar 12, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data…

  • CVE-2024-2088 (High) May 22, 2024
    risk 0.48 · cvss 8.5 · epss 0.00

    The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and…

  • CVE-2026-33530 (High) Mar 26, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints (e.g. `/api/part/`, `/api/stock/`,…

  • CVE-2026-40245 (High) Apr 16, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/s…

  • CVE-2026-30778 (High) Apr 15, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue.

  • CVE-2026-3546 (Medium) Mar 21, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The…

  • CVE-2026-42797 (Medium) May 25, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access…

  • CVE-2025-30086 (Medium) Jul 25, 2025
    risk 0.25 · cvss 4.9 · epss 0.01

    CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any…

  • CVE-2026-25050 Jan 30, 2026
    risk 0.00 · cvss not listed · epss 0.00

    Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the `NativeAuthenticationStrategy.authenticate()` method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In `packages/core/src/config/auth/native-a…

  • CVE-2025-69226 Jan 5, 2026
    risk 0.00 · cvss not listed · epss 0.00

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an…

  • CVE-2025-68456 Jan 5, 2026
    risk 0.00 · cvss not listed · epss 0.00

    Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure.…

  • CVE-2025-69200 Dec 29, 2025
    risk 0.00 · cvss not listed · epss 0.02

    phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains…

  • CVE-2025-59352 Sep 17, 2025
    risk 0.00 · cvss not listed · epss 0.01

    Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This…