CWE-201 · Insertion of Sensitive Information into Sent Data
344 CVEs classified under CWE-201 (Insertion of Sensitive Information into Sent Data). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-49408 | Critical | 10.0 | 2025-08-20 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templatel… |
CVE-2020-26085 | Critical | 9.9 | 2021-01-07 | Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs o… |
CVE-2020-27134 | Critical | 9.9 | 2020-12-11 | Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs o… |
CVE-2020-27133 | Critical | 9.9 | 2020-12-11 | Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs o… |
CVE-2020-27132 | Critical | 9.9 | 2020-12-11 | Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs o… |
CVE-2020-27127 | Critical | 9.9 | 2020-12-11 | Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs o… |
CVE-2018-17245 | Critical | 9.8 | 2018-12-20 | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a re… |
CVE-2026-42880 | Critical | 9.6 | 2026-05-07 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing au… |
CVE-2025-41118 | Critical | 9.1 | 2026-04-15 | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If th… |
CVE-2026-39912 | Critical | 9.1 | 2026-04-09 | V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with… |
CVE-2025-48749 | Critical | 9.1 | 2025-05-28 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. |
CVE-2023-48240 | Critical | 9.0 | 2023-11-20 | XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actu… |
CVE-2026-5483 | High | 8.5 | 2026-04-10 | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the d… |
CVE-2023-3399 | High | 8.5 | 2023-11-06 | An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions… |
CVE-2026-54848 | High | 8.3 | 2026-06-25 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This… |
CVE-2026-46481 | High | 8.3 | 2026-06-08 | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and re… |
CVE-2025-58098 | High | 8.3 | 2025-12-05 | Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd… |
CVE-2021-26566 | High | 8.3 | 2021-02-26 | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-midd… |
CVE-2025-3529 | High | 8.2 | 2025-04-23 | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fi… |
CVE-2024-3502 | High | 8.1 | 2024-11-14 | In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently… |