CWE-209
Generation of Error Message Containing Sensitive Information
Description
The product generates an error message that includes sensitive information about its environment, users, or associated data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-215 · CAPEC-463 · CAPEC-54 · CAPEC-7
CVEs mapped to this weakness (189)
Page 3 of 10

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31960 | | Med | 0.34 | 5.3 | 0.00 | | May 6, 2026 | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the… |
| CVE-2025-14243 | | Med | 0.34 | 5.3 | 0.00 | | Apr 8, 2026 | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. |
| CVE-2026-2752 | | Med | 0.34 | 5.3 | 0.00 | | Mar 6, 2026 | Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names,… |
| CVE-2025-15526 | | Med | 0.34 | 5.3 | 0.00 | | Jan 16, 2026 | The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This… |
| CVE-2025-9122 | | Med | 0.34 | 5.3 | 0.00 | | Dec 15, 2025 | Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet. |
| CVE-2025-9229 | | Med | 0.34 | 5.3 | 0.00 | | Aug 20, 2025 | Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages. |
| CVE-2025-2239 | | Med | 0.34 | 5.3 | 0.00 | | Mar 12, 2025 | Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall. This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23. |
| CVE-2025-20002 | | Med | 0.34 | 5.3 | 0.00 | | Mar 5, 2025 | After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure. |
| CVE-2024-13540 | | Med | 0.34 | 5.3 | 0.00 | | Feb 18, 2025 | The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due to the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a… |
| CVE-2024-13538 | | Med | 0.34 | 5.3 | 0.01 | | Feb 18, 2025 | The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.0. This is due to the /vendor/cocur/slugify/bin/generate-default.php file being directly accessible and triggering an error. This… |
| CVE-2025-24552 | | Med | 0.34 | 5.3 | 0.00 | | Jan 24, 2025 | Generation of Error Message Containing Sensitive Information vulnerability in paytiumsupport Paytium paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through <= 4.4.11. |
| CVE-2024-13536 | | Med | 0.34 | 5.3 | 0.00 | | Jan 21, 2025 | The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due to the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated… |
| CVE-2024-54366 | | Med | 0.34 | 5.3 | 0.01 | | Dec 16, 2024 | Generation of Error Message Containing Sensitive Information vulnerability in videogallery Vimeography vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through <= 2.4.4. |
| CVE-2024-50512 | | Med | 0.34 | 5.3 | 0.00 | | Oct 30, 2024 | Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data. This issue affects Posti Shipping: from n/a through <= 3.10.2. |
| CVE-2024-7426 | | Med | 0.34 | 5.3 | 0.00 | | Sep 25, 2024 | The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php… |
| CVE-2017-1370 | | Med | 0.32 | 4.9 | 0.01 | | Jul 31, 2017 | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. |
| CVE-2012-0059 | | Med | 0.32 | 4.9 | 0.02 | | Feb 5, 2014 | A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails,… |
| CVE-2026-24511 | | Med | 0.29 | 4.4 | 0.00 | | Apr 8, 2026 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,… |
| CVE-2025-52606 | | Med | 0.28 | 4.3 | 0.00 | | Jun 4, 2026 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is… |
| CVE-2026-1248 | | Med | 0.28 | 4.3 | 0.00 | | May 27, 2026 | IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. |