CWE-201: CWE-201
Yearly Trend
Top Affected Vendors
All CWE-201 CVEs (146)
This vulnerability in Vimesoft Corporate Messaging Platform allows attackers to retrieve embedded sensitive data from sent messages. It affects organi...
Sep 26, 2025The Tribal WordPress plugin versions up to 1.3.3 contains a vulnerability where sensitive information is embedded in sent data, potentially allowing a...
Sep 26, 2025This vulnerability in the FoodBook WordPress plugin allows attackers to retrieve embedded sensitive data through insertion of information into sent da...
Sep 26, 2025This vulnerability in the 3D FlipBook WordPress plugin allows attackers to retrieve embedded sensitive data from flipbooks. It affects all WordPress s...
Sep 22, 2025This vulnerability in the EnvΓos Coordinadora Woocommerce WordPress plugin exposes sensitive information embedded in sent data. Attackers can retriev...
Sep 22, 2025The UK Address Postcode Validation WordPress plugin exposes API keys in sent data, allowing unauthorized third parties to steal and misuse them. This ...
Sep 22, 2025This vulnerability in Hesabfa Accounting WordPress plugin exposes sensitive data through log files. Attackers can retrieve embedded sensitive informat...
Aug 28, 2025This vulnerability in the Accept Authorize.NET Payments Using Contact Form 7 WordPress plugin exposes sensitive payment data embedded in form submissi...
Jun 27, 2025The Modern Events Calendar Lite WordPress plugin versions up to 7.21.9 expose full web server path information to unauthenticated attackers through im...
Jun 6, 2025An unauthenticated information disclosure vulnerability in HAX open-apis allows remote attackers to retrieve a full list of PSU websites hosted on HAX...
Jun 2, 2025This vulnerability in the Spotlight Social Media Feeds Premium WordPress plugin allows attackers to retrieve embedded sensitive data from the plugin's...
May 26, 2025This vulnerability in the Viral Loops WP Integration WordPress plugin allows attackers to retrieve sensitive data embedded in sent information. It aff...
Apr 1, 2025This vulnerability allows attackers to retrieve embedded sensitive data from the AppExperts WordPress to Mobile App plugin. It affects WordPress sites...
Mar 24, 2025This vulnerability in WP Mailster WordPress plugin allows attackers to retrieve embedded sensitive data from sent emails. It affects all WP Mailster i...
Jan 7, 2025The SiteGuard WP Plugin vulnerability exposes the customized login page path through wp-register.php redirection. Attackers can discover hidden login ...
Jun 19, 2024This vulnerability in WP AI CoPilot WordPress plugin allows attackers to retrieve embedded sensitive data from the plugin's sent data. It affects all ...
Dec 18, 2025This vulnerability allows authenticated low-privileged attackers to bypass authorization controls on REST API endpoints in Cisco Nexus Dashboard and N...
Aug 27, 2025CVE-2025-15329 is an information disclosure vulnerability in Tanium Threat Response that allows unauthorized access to sensitive data. Organizations u...
Feb 5, 2026This vulnerability in the Templately WordPress plugin exposes sensitive embedded data through sent information. Attackers can retrieve confidential in...
Aug 20, 2025This vulnerability in the Ninja Tables WordPress plugin allows attackers to retrieve embedded sensitive data through improper handling of sent informa...
Feb 19, 2026This vulnerability in Moodle exposes user identifiers in URLs during anonymous assignment submissions, compromising intended anonymity. Attackers can ...
Feb 3, 2026This vulnerability in the EventPrime WordPress plugin allows attackers to retrieve embedded sensitive data through information insertion into sent dat...
Dec 9, 2025This vulnerability in the WP AI CoPilot WordPress plugin allows attackers to retrieve embedded sensitive data through information leakage in sent data...
Dec 9, 2025This vulnerability in GitLab allows unauthorized users to view confidential branch names when accessing project issues with related merge requests. It...
Nov 15, 2025This vulnerability allows blocked GitLab users to access sensitive information by establishing GraphQL subscriptions through WebSocket connections. It...
Nov 15, 2025This vulnerability in Rank Math SEO WordPress plugin exposes sensitive embedded data that could be retrieved by attackers. It affects all WordPress si...
Oct 31, 2025This vulnerability in the Stackable WordPress plugin allows attackers to retrieve embedded sensitive data through information leakage in sent data. It...
Sep 26, 2025This WordPress vulnerability allows users with contributor-level privileges to embed sensitive data into sent content, potentially exposing informatio...
Sep 23, 2025This vulnerability in All In One SEO Pack WordPress plugin exposes sensitive embedded data through sent responses. Attackers can retrieve information ...
Sep 22, 2025This vulnerability in the Getwid WordPress plugin allows attackers to retrieve embedded sensitive data through information leakage in sent responses. ...
Sep 22, 2025This vulnerability in the Qubely WordPress plugin allows attackers to retrieve embedded sensitive data that should not be exposed. It affects all Word...
Sep 22, 2025The Gunosy mobile app contains an information disclosure vulnerability where JSON Web Tokens (JWTs) may be leaked in outbound communications. If users...
Sep 2, 2025This vulnerability in TaxoPress WordPress plugin exposes sensitive embedded data through sent information. Attackers can retrieve confidential informa...
Aug 14, 2025This vulnerability allows authenticated CVAT users to enumerate all task, project, label, job, and quality report IDs and names on the instance. It ca...
May 30, 2025This vulnerability allows unauthorized users to access form entry data in affected Liferay versions. It affects Liferay Portal 7.4.0-7.4.3.126 and mul...
Mar 20, 2025IBM Sterling Connect:Direct Web Services versions 6.0-6.3 expose sensitive IP address information to authenticated users in API responses. This inform...
Jan 19, 2025This vulnerability in Cisco Content Security Management Appliance (SMA) allows authenticated remote attackers to access sensitive information, includi...
Nov 18, 2024The goTenna Pro ATAK Plugin's default settings broadcast user location data every 60 seconds without encryption when the plugin is active. This vulner...
Sep 26, 2024HCL Connections has an information disclosure vulnerability where improper rendering of application data allows authenticated users to access sensitiv...
Nov 18, 2025This vulnerability in the Traveler Option Tree WordPress plugin exposes sensitive embedded data through sent responses. Attackers can retrieve informa...
Dec 16, 2025LogStare Collector contains an information disclosure vulnerability where administrative users can access other users' password hashes. This affects a...
Nov 21, 2025Tenda AC7 routers expose administrative credentials in plaintext within web management responses, allowing attackers to steal router passwords. The vu...
Feb 3, 2026This vulnerability allows unauthenticated attackers with knowledge of the OCPP v1.6 protocol to obtain information from electric vehicle chargers. It ...
Jan 7, 2026This vulnerability in yawkat LZ4 Java library allows attackers to read previous contents of output buffers when processing crafted compressed input. A...
Dec 5, 2025Sentry-Javascript SDK versions 10.11.0 to 10.27.0 inadvertently send sensitive HTTP headers like Cookie to Sentry when sendDefaultPii is enabled. This...
Nov 25, 2025Parse Server versions before 8.5.0-alpha.5 allow unauthenticated clients to execute MongoDB explain() queries without requiring the master key. This e...
Nov 10, 2025About CWE-201 (CWE-201)
Our database tracks 146 CVEs classified as CWE-201, with 5 rated critical and 40 rated high severity. The average CVSS score for CWE-201 vulnerabilities is 6.2.
External reference: View CWE-201 on MITRE CWE →
Monitor CWE-201 Vulnerabilities
Get alerted when new CWE-201 CVEs affect your infrastructure.
Start Monitoring Free