CWE-215 · Insertion of Sensitive Information Into Debugging Code
16 CVEs classified under CWE-215 (Insertion of Sensitive Information Into Debugging Code). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-7569 | Critical | 9.6 | 2024-08-13 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain th… |
CVE-2026-40173 | Critical | 9.4 | 2026-04-15 | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debu… |
CVE-2022-0721 | High | 8.8 | 2022-02-23 | Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. |
CVE-2019-3781 | High | 8.2 | 2019-03-07 | Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authent… |
CVE-2026-2250 | High | 7.5 | 2026-02-11 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite datab… |
CVE-2026-33247 | High | 7.4 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run w… |
CVE-2025-58598 | Medium | 6.6 | 2025-09-03 | Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce… |
CVE-2023-51390 | Medium | 6.5 | 2023-12-20 | journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out… |
CVE-2023-49194 | Medium | 5.3 | 2024-12-09 | Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensi… |
CVE-2018-1002104 | Medium | 5.3 | 2020-01-14 | Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. |
CVE-2023-21462 | Medium | 4.2 | 2023-03-16 | The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local att… |
CVE-2025-12616 | Low | 3.7 | 2025-11-03 | A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulatio… |
CVE-2025-0895 | Low | 2.4 | 2025-03-02 | IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log mess… |
CVE-2024-22194 | Low | 2.2 | 2024-01-11 | cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An informati… |
CVE-2025-34081 | | 2025-07-01 | The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attack… | |
CVE-2018-1191 | | 2018-03-29 | Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain le… |