CWE-201
Insertion of Sensitive Info into Sent Data
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 11 of 11- CVE-2026-44487—EPSS 0%19 h ago
Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter
npm - CVE-2026-7184Medium· 6.521 h ago
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain r
- CVE-2026-46481—EPSS 0%4 d ago
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
maven - CVE-2026-42539Medium· 6.5EPSS 0%4 d ago
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28
- CVE-2022-27779Medium· 5.3EPSS 0%25 d ago
curl/libcurl: cookie for trailing dot TLD
curl - CVE-2013-1944HighEPSS 2%25 d ago
curl/libcurl: cookie domain tailmatch
curl - CVE-2014-3620HighEPSS 1%25 d ago
curl/libcurl: cookie leak for TLDs
curl - CVE-2003-1605HighEPSS 0%2026-04-25
curl/libcurl: Proxy Authentication Header Information Leakage
curl - CVE-2014-3613MediumEPSS 2%2026-04-25
curl/libcurl: cookie leak with IP address as domain
curl - CVE-2023-46218MediumEPSS 0%2026-04-25
curl/libcurl: cookie mixed case PSL bypass
curl - CVE-2015-3153HighEPSS 8%2026-04-25
curl/libcurl: sensitive HTTP server headers also sent to proxies
curl
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.