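CWE-201 Information Exposure Through Sent Data: vulnerability list (298)

Summary of 298 CVE vulnerabilities associated with the weakness CWE-201 (Information Exposure Through Sent Data), with AI analysis in Chinese.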

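CWE-201 is an information disclosure weakness: when transmitting data to an external entity, the code unintentionally includes sensitive information that the entity should not be able to access. Attackers typically intercept network traffic or analyze logs to steal confidential data such as passwords, keys or personal information, and then use it for identity forgery or further penetration. Developers should avoid recording sensitive fields in logs, debug output or API responses, apply the principle of data minimization, and encrypt and mask transmitted content so that only necessary and authorized information is sent.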

MITRE CWE official description
CWE: CWE-201 Insertion of Sensitive Information Into Sent Data
Description: The code sends data to another entity, but part of the data contains sensitive information that the entity should not have access to.
Common consequences (1)
Confidentiality: Read Files or Directories, Read Memory, Read Application Data
Sensitive data may be exposed to attackers.
Mitigations (4)
Requirements: Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Implementation: Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
System Configuration: Set up default error messages so that unexpected errors do not disclose sensitive information.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Code examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Result · SQL
| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-44653 | LibreChat shared MCP server view leaks decrypted administrator keys — LibreChat | 6.5 | Medium | 2026-06-02 |
| CVE-2026-35447 | NamelessMC profile restriction bypass allowing cross-writes — Nameless | - | - | 2026-06-02 |
| CVE-2026-42673 | Logtivity plugin <= 3.3.6 sensitive data exposure vulnerability — Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity | 7.5 | High | 2026-06-01 |
| CVE-2026-49370 | JetBrains YouTrack security vulnerability — YouTrack | 3.4 | Low | 2026-05-29 |
| CVE-2026-10101 | Red Hat assisted-service security vulnerability — Multicluster Engine for Kubernetes | 6.3 | Medium | 2026-05-29 |
| CVE-2026-45582 | n8n-MCP security vulnerability — n8n-mcp | 6.5 | Medium | 2026-05-29 |
| CVE-2026-42746 | WordPress plugin Smart Online Order for Clover security vulnerability — Smart Online Order for Clover | 7.3 | High | 2026-05-27 |
| CVE-2026-48877 | WordPress plugin GenerateBlocks security vulnerability — GenerateBlocks | 6.5 | Medium | 2026-05-27 |
| CVE-2026-41181 | Traefik security vulnerability — traefik | - | - | 2026-05-15 |
| CVE-2025-62305 | HCL AION security vulnerability — AION | 5.1 | Medium | 2026-05-14 |
| CVE-2025-62308 | HCL AION security vulnerability — AION | 5.1 | Medium | 2026-05-14 |
| CVE-2025-62309 | HCL AION security vulnerability — AION | 2.6 | Low | 2026-05-14 |
| CVE-2026-45215 | WordPress plugin WP EasyPay security vulnerability — WP EasyPay | 5.3 | Medium | 2026-05-12 |
| CVE-2025-31978 | HCL BigFix Service Management security vulnerability — BigFix Service Management (SM) | 4.6 | Medium | 2026-05-06 |
| CVE-2026-42379 | WordPress plugin Templately security vulnerability — Templately | 7.7 | High | 2026-04-27 |
| CVE-2026-5512 | GitHub Enterprise Server security vulnerability — Enterprise Server | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40161 | Tekton Pipelines security vulnerability — pipeline | 7.7 | High | 2026-04-21 |
| CVE-2026-4525 | HashiCorp Vault security vulnerability — Vault | 7.5 | High | 2026-04-17 |
| CVE-2026-5483 | Red Hat OpenShift AI security vulnerability — Red Hat OpenShift AI 2.16 | 8.5 | High | 2026-04-10 |
| CVE-2026-39912 | V2Board security vulnerability — v2board | 9.1 | Critical | 2026-04-09 |
| CVE-2026-39711 | WordPress plugin RT-Theme 18 Extensions security vulnerability — RT-Theme 18 \| Extensions | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39709 | WordPress plugin The Tribal security vulnerability — The Tribal | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39586 | WordPress plugin RepairBuddy security vulnerability — RepairBuddy | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39570 | WordPress plugin 12 Step Meeting List security vulnerability — 12 Step Meeting List | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39564 | WordPress plugin Sunshine Photo Cart security vulnerability — Sunshine Photo Cart | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39542 | WordPress plugin Doofinder for WooCommerce security vulnerability — Doofinder for WooCommerce | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39473 | WordPress plugin Simple History security vulnerability — Simple History | 5.3 | Medium | 2026-04-08 |
| CVE-2026-20151 | Cisco Smart Software Manager On-Prem security vulnerability — Cisco Smart Software Manager On-Prem | 7.3 | High | 2026-04-01 |
| CVE-2026-4927 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-34226 | happy-dom security vulnerability — happy-dom | 7.5 | High | 2026-03-27 |

CWE-201 (Information Exposure Through Sent Data) is a common weakness category; this platform lists 298 CVE vulnerabilities associated with it.