CWE-215
Insertion of Sensitive Information Into Debugging Code
Description
The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1191 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 29, 2018 | Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. |
| CVE-2026-40173 | | Cri | 0.54 | 9.4 | 0.01 | | Apr 15, 2026 | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full… |
| CVE-2026-2250 | | Hig | 0.49 | 7.5 | 0.00 | | Feb 11, 2026 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing… |
| CVE-2025-58598 | | Med | 0.43 | 6.6 | 0.00 | | Sep 3, 2025 | Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through <=… |
| CVE-2025-24362 | | Hig | 0.39 | — | 0.01 | | Jan 24, 2025 | In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to… |
| CVE-2023-49194 | | Med | 0.34 | 5.3 | 0.01 | | Dec 9, 2024 | Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data. This issue affects Importify (Dropshipping WooCommerce): from n/a through <= 1.0.4. |
| CVE-2025-12616 | | Low | 0.24 | 3.7 | 0.00 | | Nov 3, 2025 | A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The… |
| CVE-2026-33247 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those credentials are visible to any… |
| CVE-2024-22194 | | | 0.00 | — | 0.00 | | Jan 11, 2024 | cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions… |
| CVE-2022-0721 | | | 0.00 | — | 0.01 | | Feb 23, 2022 | Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2018-1002104 | | — | 0.00 | — | 0.01 | | Jan 14, 2020 | Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. |