VYPR

CWE-598

Use of HTTP Request With Sensitive Query String

Variant | Draft

Description

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (41)

page 2 of 3
  • CVE-2026-37504 | Med | May 1, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET,…

  • CVE-2026-31381 | Med | Mar 20, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.

  • CVE-2025-40742 | Med | Jul 8, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V11.0), SIPROTEC 5…

  • CVE-2025-50709 | Med | Sep 17, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameter

  • CVE-2024-9877 | Med | Apr 30, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

  • CVE-2017-9280 | Med | Mar 2, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

  • CVE-2025-2356 | Low | Mar 17, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the…

  • CVE-2026-33620 | Med | Mar 26, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL,…

  • CVE-2025-14811 | Low | Mar 13, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

  • CVE-2026-10078 | Low | May 29, 2026
    risk 0.18 | cvss 2.7 | epss 0.00

    A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure…

  • CVE-2025-62317 | Low | May 14, 2026
    risk 0.17 | cvss 2.6 | epss 0.00

    HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain…

  • CVE-2023-6020 | Nov 16, 2023
    risk 0.10 | cvss | epss 0.15

    LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

  • CVE-2026-27949 | Low | Apr 7, 2026
    risk 0.06 | cvss 2.0 | epss 0.00

    Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted).…

  • CVE-2026-55375 | Jun 19, 2026
    risk 0.00 | cvss | epss

    In affected versions, the OAuth2 token request sends `app_id`, `app_secret`, `refresh_token` and `code` as URL query parameters of the POST request to `https://oauth./oauth/api/oauth2/token`. Request URLs are commonly recorded in access logs, proxy…

  • CVE-2026-47768 | Jun 10, 2026
    risk 0.00 | cvss | epss 0.00

    `internal/web/operators.go:251` — after `handleOperatorCreateAPIKey` mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?new_key=&key_name= The raw API key ends up: - in the browser's URL history - in the…

  • CVE-2026-26196 | Mar 5, 2026
    risk 0.00 | cvss | epss 0.00

    Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2.

  • CVE-2025-52901 | Jun 30, 2025
    risk 0.00 | cvss | epss 0.00

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier…

  • CVE-2025-3637 | Apr 25, 2025
    risk 0.00 | cvss | epss 0.00

    A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and…

  • CVE-2025-32021 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.00

    Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for…

  • CVE-2024-28238 | Mar 12, 2024
    risk 0.00 | cvss | epss 0.00

    Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser…