CWE-201(Insertion of Sensitive Information Into Sent Data)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
| 類型 | 名稱 | 類 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。
| CVE | 公開時間 | 摘要 |
|---|---|---|
| CVE-2026-12085 | 2026-06-30 | IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive config… |
| CVE-2026-13437 | 2026-06-29 | Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potent… |
| CVE-2026-57318 | 2026-06-26 | Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. |
| CVE-2026-54834 | 2026-06-26 | Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. |
| CVE-2026-55180 | 2026-06-25 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations a… |
| CVE-2026-54848 | 2026-06-25 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCo… |
| CVE-2026-54841 | 2026-06-25 | Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. |
| CVE-2026-54821 | 2026-06-25 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. |
| CVE-2026-22551 | 2026-06-18 | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt inj… |
| CVE-2026-52698 | 2026-06-17 | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions. |
| CVE-2026-34888 | 2026-06-17 | Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. |
| CVE-2026-27868 | 2026-06-17 | An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege informa… |
| CVE-2024-35690 | 2026-06-17 | Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. |
| CVE-2026-54197 | 2026-06-16 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. |
| CVE-2026-52695 | 2026-06-15 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. |
| CVE-2026-52692 | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. |
| CVE-2026-49082 | 2026-06-15 | Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. |
| CVE-2026-48965 | 2026-06-15 | Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. |
| CVE-2026-42667 | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions. |
| CVE-2026-42384 | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions. |
| 日期 | 名稱 | 版本 | 重要性 | 評論 |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Other_Notes, Potential_Mitigations |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Common_Consequences, Description, Name |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Common_Consequences |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2013-02-21 | CWE Content Team | 2.4 | — | updated Potential_Mitigations |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Related_Attack_Patterns |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Demonstrative_Examples, Relationships |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Related_Attack_Patterns |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Modes_of_Introduction, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Demonstrative_Examples, Description, Name, References, Relationships, Type |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Description, Name |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Potential_Mitigations |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Observed_Examples |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships, Time_of_Introduction |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-11-19 | CWE Content Team | 4.16 | — | updated Description, Diagram, Other_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Observed_Examples |