VYPR

CWE-215

Insertion of Sensitive Information Into Debugging Code

Base | Draft

Description

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the product is operating in a production environment, then this sensitive information may be exposed to attackers.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (11)

  • CVE-2018-1191 | High | Mar 29, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

  • CVE-2026-40173 | Critical | Apr 15, 2026
    risk 0.54 | cvss 9.4 | epss 0.01

    Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full…

  • CVE-2026-2250 | High | Feb 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing…

  • CVE-2025-58598 | Medium | Sep 3, 2025
    risk 0.43 | cvss 6.6 | epss 0.00

    Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through <=…

  • CVE-2025-24362 | High | Jan 24, 2025
    risk 0.39 | cvss (not listed) | epss 0.01

    In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to…

  • CVE-2023-49194 | Medium | Dec 9, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data. This issue affects Importify (Dropshipping WooCommerce): from n/a through <= 1.0.4.

  • CVE-2025-12616 | Low | Nov 3, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The…

  • CVE-2026-33247 | Mar 25, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those credentials are visible to any…

  • CVE-2024-22194 | Jan 11, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions…

  • CVE-2022-0721 | Feb 23, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2018-1002104 | Jan 14, 2020
    risk 0.00 | cvss (not listed) | epss 0.01

    Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed Prometheus metrics publicly.