CWE-598
Use of HTTP Request With Sensitive Query String
Description
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string. The request target, query string included, is recorded by web servers, reverse proxies and browser history, and is forwarded to third parties in the Referer header, so a credential, session token or piece of PII placed there is exposed to every party that sees the URL. The exposure does not depend on the method: a secret in the URL of a POST is logged in the same way as one in a GET.
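The pattern and its remedy, as an added example that is not the CWE entry's own text or code from any product listed on this page: a handler that reads an API token from the query string (the weakness) next to one that reads it from the Authorization header, plus a scanner that flags sensitive parameters in access-log request lines and a redaction helper for log pipelines. The parameter names, token value, paths and log lines are constructed for illustration; the scanner deliberately covers POST as well as GET, since several entries on this page concern secrets in the URL of a POST.

```python
"""CWE-598 illustration: credential in a URL query string versus the same
credential in a request header, plus a scanner that finds such leaks in
access-log lines.  Added example; not code from the CWE entry or from any
product on this page.  All names, paths and log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit, urlencode

# Hypothetical API token used only by the constructed examples below.
EXPECTED_TOKEN = "s3cr3t-api-token"


def auth_from_query(url: str) -> bool:
    """Weak pattern (CWE-598): the credential is read from ?token=..., so it
    lands in server and proxy logs, browser history and Referer headers."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("token", [None])[0] == EXPECTED_TOKEN


def auth_from_header(headers: dict) -> bool:
    """Hardened pattern: the credential travels in the Authorization header,
    which servers and proxies do not log by default and browsers never put
    in history or Referer."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and token == EXPECTED_TOKEN


# Parameter names that commonly carry credentials or PII (case-insensitive).
# Extend for the application under review; this list is an assumption.
SENSITIVE_PARAMS = re.compile(
    r"^(token|access_token|api_key|apikey|key|secret|client_secret|password|"
    r"passwd|session|sessionid|jwt|auth|email|new_key)$", re.I)


def sensitive_query_params(url: str) -> list[str]:
    """Return the names of query parameters in `url` matching SENSITIVE_PARAMS."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(name for name in qs if SENSITIVE_PARAMS.match(name))


def redact_query(url: str) -> str:
    """Rewrite `url` with sensitive parameter values replaced by 'REDACTED',
    the transformation a log pipeline should apply before storing the line."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    cleaned = {k: (["REDACTED"] if SENSITIVE_PARAMS.match(k) else v)
               for k, v in qs.items()}
    return urlunsplit(parts._replace(query=urlencode(cleaned, doseq=True)))


# Constructed access-log lines in combined log format; not real traffic.
LOG_LINES = [
    '10.0.0.5 - - [01/May/2026:10:00:01 +0000] "GET /api/v1/user?token=s3cr3t-api-token HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.6 - - [01/May/2026:10:00:02 +0000] "GET /api/v1/user?page=2 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.7 - - [01/May/2026:10:00:03 +0000] "POST /oauth/token?client_id=abc&client_secret=xyz HTTP/1.1" 200 90 "-" "Go-http-client/1.1"',
    '10.0.0.8 - - [01/May/2026:10:00:04 +0000] "GET /ui/operators/?new_key=AAAA&key_name=ci HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_leaks(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Scan log lines and return (method, target, sensitive_params) for every
    request whose query string carries a sensitive parameter.  POST requests
    are included: a secret in the URL of a POST is logged just the same."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = sensitive_query_params(m["target"])
        if params:
            hits.append((m["method"], m["target"], params))
    return hits


if __name__ == "__main__":
    assert auth_from_query("/api/v1/user?token=" + EXPECTED_TOKEN)
    assert auth_from_header({"Authorization": "Bearer " + EXPECTED_TOKEN})
    for method, target, params in find_leaks(LOG_LINES):
        print(method, redact_query(target), "leaks:", ", ".join(params))
```

Run against the constructed lines, the scanner reports three of the four requests: the GET with `token`, the POST with `client_secret`, and the redirect carrying `new_key`; only the `page=2` request is clean. The redaction helper keeps the parameter name (useful for spotting the endpoint that leaks) while dropping the value, so the leak can be found in stored logs without the stored logs themselves being the leak.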
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (41)
page 2 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-37504 | | Med | 0.34 | 5.3 | 0.00 | | May 1, 2026 | Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET,… |
| CVE-2026-31381 | | Med | 0.34 | 5.3 | 0.00 | | Mar 20, 2026 | An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL. |
| CVE-2025-40742 | | Med | 0.34 | 5.3 | 0.00 | | Jul 8, 2025 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V11.0), SIPROTEC 5… |
| CVE-2025-50709 | | Med | 0.28 | 4.3 | 0.00 | | Sep 17, 2025 | An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameter. |
| CVE-2024-9877 | | Med | 0.28 | 4.3 | 0.00 | | Apr 30, 2025 | Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. |
| CVE-2017-9280 | | Med | 0.28 | 4.3 | 0.01 | | Mar 2, 2018 | Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. |
| CVE-2025-2356 | | Low | 0.24 | 3.7 | 0.00 | | Mar 17, 2025 | A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the… |
| CVE-2026-33620 | | Med | 0.21 | 4.3 | 0.00 | | Mar 26, 2026 | PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL,… |
| CVE-2025-14811 | | Low | 0.20 | 3.1 | 0.00 | | Mar 13, 2026 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. |
| CVE-2026-10078 | | Low | 0.18 | 2.7 | 0.00 | | May 29, 2026 | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure… |
| CVE-2025-62317 | | Low | 0.17 | 2.6 | 0.00 | | May 14, 2026 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain… |
| CVE-2023-6020 | | — | 0.10 | — | 0.15 | | Nov 16, 2023 | LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. |
| CVE-2026-27949 | | Low | 0.06 | 2.0 | 0.00 | | Apr 7, 2026 | Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted).… |
| CVE-2026-55375 | | — | 0.00 | — | — | | Jun 19, 2026 | In affected versions, the OAuth2 token request sends `app_id`, `app_secret`, `refresh_token` and `code` as URL query parameters of the POST request to `https://oauth./oauth/api/oauth2/token`. Request URLs are commonly recorded in access logs, proxy… |
| CVE-2026-47768 | | — | 0.00 | — | 0.00 | | Jun 10, 2026 | `internal/web/operators.go:251`: after `handleOperatorCreateAPIKey` mints a fresh 32-byte bearer token, the redirect points the operator's browser at /ui/operators/?new_key=&key_name= The raw API key ends up in the browser's URL history, in the… |
| CVE-2026-26196 | | — | 0.00 | — | 0.00 | | Mar 5, 2026 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, the gogs API still accepts tokens in URL params like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2. |
| CVE-2025-52901 | | — | 0.00 | — | 0.00 | | Jun 30, 2025 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier… |
| CVE-2025-3637 | | — | 0.00 | — | 0.00 | | Apr 25, 2025 | A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and… |
| CVE-2025-32021 | | — | 0.00 | — | 0.00 | | Apr 15, 2025 | Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for… |
| CVE-2024-28238 | | — | 0.00 | — | 0.00 | | Mar 12, 2024 | Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser… |