CWE-209 · Generation of Error Message Containing Sensitive Information

568 CVEs classified under CWE-209 (Generation of Error Message Containing Sensitive Information). Browse by severity and year.

Top CVEs for CWE-209
CVESeverityScorePublishedSummary
CVE-2025-62168Critical10.02025-10-17Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information…
CVE-2025-68110Critical9.92025-12-17ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, use…
CVE-2026-22778Critical9.82026-02-02vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpo…
CVE-2025-46658Critical9.82025-08-05An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
CVE-2024-6980Critical9.82024-07-31A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Thi…
CVE-2024-28285Critical9.82024-05-14A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same sy…
CVE-2023-40767Critical9.82023-08-28User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an…
CVE-2023-40766Critical9.82023-08-28User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow a…
CVE-2023-40765Critical9.82023-08-28User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an…
CVE-2023-40764Critical9.82023-08-28User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an atta…
CVE-2023-40763Critical9.82023-08-28User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an att…
CVE-2023-40762Critical9.82023-08-28User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an atta…
CVE-2023-40761Critical9.82023-08-28User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an at…
CVE-2023-40760Critical9.82023-08-28User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an a…
CVE-2023-40759Critical9.82023-08-28User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow…
CVE-2023-40758Critical9.82023-08-28User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attack…
CVE-2023-40757Critical9.82023-08-28User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an at…
CVE-2021-42777Critical9.82022-10-29Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a…
CVE-2019-7644Critical9.82019-04-11Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this e…
CVE-2019-7612Critical9.82019-03-25A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of…