CWE-209
Sensitive Info in Error Message
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 7 of 7
- CVE-2026-47248 · — · EPSS 0% · 16 h ago
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
npm
- CVE-2024-29059 · High · 7.5 · KEV · EPSS 94% · 21 h ago
Microsoft .NET Framework Information Disclosure Vulnerability
- CVE-2025-47813 · Medium · 4.3 · KEV · EPSS 25% · 21 h ago
Wing FTP Server Information Disclosure Vulnerability
- CVE-2026-40997 · Medium · 5.3 · EPSS 0% · 1 d ago
Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with ge
- CVE-2026-9794 · Medium · 5.3 · EPSS 0% · 2 d ago
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying c
- CVE-2026-41730 · Medium · 5.3 · EPSS 0% · 2 d ago
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4
- CVE-2025-1395 · High · 8.2 · EPSS 0% · 7 d ago
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The v
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.