CWE-201: CWE-201
Yearly Trend
Top Affected Vendors
All CWE-201 CVEs (146)
This critical vulnerability in Cisco Jabber allows attackers to execute arbitrary programs with elevated privileges or access sensitive information. I...
Jan 7, 2021CVE-2020-27133 is a critical vulnerability in Cisco Jabber that allows attackers to execute arbitrary code with elevated privileges or access sensitiv...
Dec 11, 2020This critical vulnerability in Cisco Jabber allows attackers to execute arbitrary code with elevated privileges or access sensitive information. It af...
Dec 11, 2020Netwrix Directory Manager (formerly Imanami GroupID) versions 11.0.0.0 and earlier, and versions after 11.1.25134.03, expose sensitive information in ...
May 28, 2025This vulnerability in XWiki Platform allows attackers to steal login and session cookies via image embedding in rendered diffs, enabling user imperson...
Nov 20, 2023This vulnerability allows unauthorized project or group members in GitLab EE to read CI/CD variables through custom project templates. It affects all ...
Nov 6, 2023This vulnerability in Apache HTTP Server allows remote code execution when Server Side Includes (SSI) is enabled with mod_cgid. Attackers can inject s...
Dec 5, 2025The WordPress Simple Shopping Cart plugin has a vulnerability that allows unauthenticated attackers to access sensitive information and download paid ...
Apr 23, 2025This vulnerability exposes account recovery hashes through API endpoints in lunary-ai/lunary, allowing authenticated users to access sensitive informa...
Nov 14, 2024CVE-2024-8890 allows attackers on the same network as vulnerable CIRCUTOR Q-SMT devices to intercept credentials and hijack sessions because the devic...
Sep 18, 2024CVE-2021-23019 exposes NGINX Controller administrator passwords in the systemd.txt file within support packages. This allows attackers with access to ...
Jun 1, 2021This vulnerability allows authenticated users without specific permissions to access sensitive information of admin users via JSONWS APIs in Liferay P...
Aug 23, 2025ExtremePACS Extreme XDS before version 3933 contains a vulnerability where sensitive information is improperly embedded in sent data, allowing attacke...
Mar 6, 2025Binardat 10G08-0800GSM network switches expose administrative passwords in plaintext within the web interface and HTTP responses, allowing attackers t...
Feb 24, 2026This vulnerability allows unauthenticated attackers to access the /wizard_reboot.asp page on Edimax EW-7438RPn-v3 Mini range extenders, which disclose...
Feb 5, 2026This vulnerability exposes administrative credentials in plaintext within HTTP responses from the Tenda W30E V2 router's maintenance interface. Attack...
Jan 26, 2026This vulnerability in the Tabby Checkout WordPress plugin exposes sensitive data embedded in sent information, allowing attackers to retrieve confiden...
Jan 22, 2026This vulnerability in the WordPress Cookies and Content Security Policy plugin allows attackers to retrieve embedded sensitive data from sent informat...
Jan 22, 2026This vulnerability in the BulletProof Security WordPress plugin allows attackers to retrieve embedded sensitive data through information insertion int...
Jan 8, 2026This vulnerability in the Contact Form 7 Extension For Mailchimp WordPress plugin exposes sensitive data embedded in form submissions. Attackers can r...
Dec 30, 2025This vulnerability in the Tablesome WordPress plugin allows attackers to retrieve embedded sensitive data from tables. It affects all WordPress sites ...
Dec 24, 2025This vulnerability in Ultimate Member Widgets for Elementor WordPress plugin allows attackers to retrieve embedded sensitive data from the plugin's wi...
Dec 18, 2025This vulnerability in MasterStudy LMS Pro WordPress plugin allows attackers to retrieve embedded sensitive data from the system. It affects all WordPr...
Dec 18, 2025This vulnerability in the Passster WordPress plugin allows attackers to retrieve embedded sensitive data that should be protected. It affects all Word...
Dec 18, 2025This vulnerability in the INFINITUM FORM Geo Controller WordPress plugin exposes sensitive embedded data through sent information. Attackers can retri...
Dec 9, 2025This vulnerability in Argus Technology Inc.'s BILGER software allows attackers to insert sensitive information into transmitted data by manipulating m...
Dec 2, 2025This vulnerability allows attackers to retrieve embedded sensitive data from the Ays Pro AI ChatBot WordPress plugin. The plugin inadvertently exposes...
Nov 6, 2025This vulnerability in the Atarim Visual Collaboration WordPress plugin allows attackers to retrieve embedded sensitive data from the plugin's sent com...
Nov 6, 2025The Publitio WordPress plugin versions up to 2.2.3 contain a vulnerability that allows attackers to retrieve embedded sensitive data from sent informa...
Oct 27, 2025This vulnerability in the Atarim Visual Collaboration WordPress plugin allows attackers to retrieve embedded sensitive data from the plugin's sent dat...
Oct 27, 2025This vulnerability in the Simple Job Board WordPress plugin allows attackers to retrieve embedded sensitive data from job applications, such as person...
Oct 22, 2025GiveWP WordPress plugin versions before 4.6.1 expose sensitive personal information (PII) in sent data. This vulnerability allows attackers to retriev...
Aug 12, 2025This vulnerability in XWiki allows attackers to access page titles through the REST API without proper authorization. It affects XWiki installations w...
Jun 13, 2025This vulnerability in MultiVendorX WordPress plugin allows attackers to retrieve embedded sensitive data that should not be exposed. It affects all Wo...
Jun 9, 2025FreshRSS versions before 1.26.2 contain an information disclosure vulnerability that allows attackers to check for the existence of specific directori...
Jun 4, 2025The Hive Support WordPress plugin versions up to 1.2.2 contain a vulnerability that allows attackers to retrieve embedded sensitive data through infor...
Apr 17, 2025This vulnerability in the WPDB to Sql WordPress plugin allows attackers to retrieve sensitive embedded data through information disclosure in sent dat...
Jan 22, 2025This vulnerability in the WM Options Import Export WordPress plugin allows attackers to retrieve embedded sensitive data through information insertion...
Jan 22, 2025This vulnerability in Drupal File Entity module allows attackers to access sensitive files through forceful browsing by manipulating URLs. It affects ...
Jan 9, 2025This vulnerability in the WPSpins Post/Page Copying Tool WordPress plugin allows attackers to retrieve embedded sensitive data from posts or pages. It...
Jan 7, 2025This vulnerability in WP Mailster WordPress plugin exposes sensitive data embedded in sent emails or communications. Attackers can retrieve confidenti...
Dec 6, 2024This vulnerability allows attackers to retrieve embedded sensitive data from VideoWhisper's WordPress plugins. It affects all installations using Cont...
Oct 17, 2024This vulnerability exposes the 'tokenKey' value used for user authorization in the HTML source of login pages, allowing attackers to bypass authentica...
Jan 12, 2024Lightdash versions before 0.1027.2 contain a server-side request forgery (SSRF) vulnerability that allows authenticated users (Administrators or Edito...
Aug 30, 2024CVE-2023-6916 is an information disclosure vulnerability where OpenAPI audit logs may contain sensitive data like credentials or tokens. This affects ...
Apr 10, 2024This vulnerability in Atlas Educational Software's K12net allows attackers to manipulate communication channels and insert sensitive information into ...
Feb 9, 2026This vulnerability allows attackers to obtain OAuth2 client secrets from the vault in Eclipse Dataspace Components. It affects users of the EDC Connec...
May 7, 2024This vulnerability in Fleet device management software exposes Google Calendar service account credentials to authenticated low-privilege users. Attac...
Feb 26, 2026This vulnerability in the WordPress B Accordion plugin allows attackers to retrieve embedded sensitive data from the plugin's output. It affects all W...
Jan 23, 2026This vulnerability in the Booking Ultra Pro WordPress plugin exposes sensitive embedded data through sent information. Attackers can retrieve confiden...
Jan 22, 2026About CWE-201 (CWE-201)
Our database tracks 146 CVEs classified as CWE-201, with 5 rated critical and 40 rated high severity. The average CVSS score for CWE-201 vulnerabilities is 6.2.
External reference: View CWE-201 on MITRE CWE →
Monitor CWE-201 Vulnerabilities
Get alerted when new CWE-201 CVEs affect your infrastructure.
Start Monitoring Free