VYPR

CWE-540

Inclusion of Sensitive Information in Source Code

Base | Incomplete

Description

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.

Hierarchy (View 1000)

CVEs mapped to this weakness (8)

  • CVE-2025-23215 | Critical | Jan 31, 2025
    risk 0.53 | cvss | epss 0.00

    PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must…

  • CVE-2026-4155 | High | Apr 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not…

  • CVE-2024-1272 | High | Jun 5, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1.

  • CVE-2026-45728 | High | May 26, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or…

  • CVE-2026-35383 | Medium | Apr 2, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to…

  • CVE-2023-23448 | Medium | May 15, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.

  • CVE-2024-2355 | Low | Mar 10, 2024
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The…

  • CVE-2025-3403 | Low | Apr 8, 2025
    risk 0.18 | cvss 2.7 | epss 0.00

    A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in…