CWE-209 · Generation of Error Message Containing Sensitive Information
568 CVEs classified under CWE-209 (Generation of Error Message Containing Sensitive Information). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-62168 | Critical | 10.0 | 2025-10-17 | Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information… |
CVE-2025-68110 | Critical | 9.9 | 2025-12-17 | ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, use… |
CVE-2026-22778 | Critical | 9.8 | 2026-02-02 | vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpo… |
CVE-2025-46658 | Critical | 9.8 | 2025-08-05 | An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. |
CVE-2024-6980 | Critical | 9.8 | 2024-07-31 | A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Thi… |
CVE-2024-28285 | Critical | 9.8 | 2024-05-14 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same sy… |
CVE-2023-40767 | Critical | 9.8 | 2023-08-28 | User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an… |
CVE-2023-40766 | Critical | 9.8 | 2023-08-28 | User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow a… |
CVE-2023-40765 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an… |
CVE-2023-40764 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an atta… |
CVE-2023-40763 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an att… |
CVE-2023-40762 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an atta… |
CVE-2023-40761 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an at… |
CVE-2023-40760 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an a… |
CVE-2023-40759 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow… |
CVE-2023-40758 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attack… |
CVE-2023-40757 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an at… |
CVE-2021-42777 | Critical | 9.8 | 2022-10-29 | Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a… |
CVE-2019-7644 | Critical | 9.8 | 2019-04-11 | Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this e… |
CVE-2019-7612 | Critical | 9.8 | 2019-03-25 | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of… |