CWE-201 (344 CVEs)

CWE-201: Insertion of Sensitive Information Into Sent Data

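Overview

CWE-201 (Insertion of Sensitive Information Into Sent Data) describes a weakness type used in vulnerability databases and security assessments; the definition, background and corresponding CVEs are in the sections below.

Security impact
Varies by product and context; prioritize using the CVE record, the severity score and the MITRE description.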

Description

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Applicable platforms

Type Name Prevalence OS / CPE
language Not Language-Specific Undetermined

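Related CVEs in this database

The CVEs below are mapped to this weakness in this database and are retained for traceability and search.

CVE Published Summary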
CVE-2026-12085 2026-06-30 IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive config…
CVE-2026-13437 2026-06-29 Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potent…
CVE-2026-57318 2026-06-26 Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-54834 2026-06-26 Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
CVE-2026-55180 2026-06-25 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations a…
CVE-2026-54848 2026-06-25 Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCo…
CVE-2026-54841 2026-06-25 Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
CVE-2026-54821 2026-06-25 Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-22551 2026-06-18 In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt inj…
CVE-2026-52698 2026-06-17 Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
CVE-2026-34888 2026-06-17 Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-27868 2026-06-17 An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege informa…
CVE-2024-35690 2026-06-17 Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
CVE-2026-54197 2026-06-16 Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
CVE-2026-52695 2026-06-15 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
CVE-2026-52692 2026-06-15 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
CVE-2026-49082 2026-06-15 Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
CVE-2026-48965 2026-06-15 Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.
CVE-2026-42667 2026-06-15 Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
CVE-2026-42384 2026-06-15 Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

Previous names

  • Information Leak Through Sent Data (2010-09-27)
  • Information Exposure Through Sent Data (2020-02-24)
  • Exposure of Sensitive Information Through Sent Data (2020-08-20)

Content submission

Name
CLASP
Date
2006-07-19
Version
Draft 3

Content revisions

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2009-10-29 CWE Content Team 1.6 updated Other_Notes, Potential_Mitigations
2010-09-27 CWE Content Team 1.10 updated Common_Consequences, Description, Name
2010-12-13 CWE Content Team 1.11 updated Common_Consequences
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Potential_Mitigations
2014-02-18 CWE Content Team 2.6 updated Related_Attack_Patterns
2014-07-30 CWE Content Team 2.8 updated Demonstrative_Examples, Relationships
2017-01-19 CWE Content Team 2.10 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Modes_of_Introduction, Relationships
2020-02-24 CWE Content Team 4.0 updated Demonstrative_Examples, Description, Name, References, Relationships, Type
2020-08-20 CWE Content Team 4.2 updated Description, Name
2020-12-10 CWE Content Team 4.3 updated Potential_Mitigations
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-11-19 CWE Content Team 4.16 updated Description, Diagram, Other_Notes
2025-12-11 CWE Content Team 4.19 updated Relationships, Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Observed_Examples