VYPR

CWE-209

Generation of Error Message Containing Sensitive Information

Base · Draft · Likelihood: High

Description

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Related attack patterns (CAPEC)

CAPEC-215 · CAPEC-463 · CAPEC-54 · CAPEC-7

CVEs mapped to this weakness (189)

  • CVE-2026-9583 · Med · May 26, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message.…

  • CVE-2026-2484 · Med · Mar 25, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages

  • CVE-2026-21783 · Med · Mar 24, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers…

  • CVE-2025-8852 · Med · Aug 11, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack…

  • CVE-2025-32238 · Med · Apr 4, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for…

  • CVE-2017-0885 · Med · Apr 5, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing…

  • CVE-2017-5537 · Med · Mar 15, 2017
    risk 0.28 · cvss 5.3 · epss 0.02

    The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

  • CVE-2026-9794 · Med · May 28, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct…

  • CVE-2026-41931 · Med · May 6, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to…

  • CVE-2025-11065 · Med · Jan 26, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data…

  • CVE-2023-47639 · Med · Apr 3, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.

  • CVE-2025-23185 · Med · Mar 11, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed…

  • CVE-2026-40969 · Low · Apr 28, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected…

  • CVE-2025-9005 · Low · Aug 15, 2025
    risk 0.24 · cvss 3.7 · epss 0.01

    A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The…

  • CVE-2025-8548 · Low · Aug 5, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the…

  • CVE-2018-17891 · Low · Oct 4, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could…

  • CVE-2026-4994 · Low · Mar 28, 2026
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error…

  • CVE-2024-35935 · Low · May 19, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel…

  • CVE-2025-52611 · Low · Jun 4, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object…

  • CVE-2025-59853 · Low · May 6, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.