Home/Alerts/Alert detail/

Information Disclosure - Debug Error Messages

Risk:
Low

Type:
Passive

CWE:
CWE-200

Summary: The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.

Solution: Disable debugging messages before pushing to production.

Top Security News

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Bitbucket services “hard down” due to major worldwide outage

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

Windows Server 2025 released—here are the new features

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

TikTok is back up in the US after Trump says he will extend deadline

Common Alerts

MediumCSP: script-src unsafe-eval

InformationalImage Exposes Location or Privacy Data

LowServer Leaks Version Information via "Server" HTTP Response Header Field

LowCSP: Notices

HighPath Traversal

HighRemote Code Execution - Shell Shock

InformationalUser Controllable Charset

MediumSource Code Disclosure - PHP

Medium.htaccess Information Leak

HighAccess Control Issue - Improper Authentication

Latest CVE List

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Common CWEs

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CWE-1108 Excessive Reliance on Global Variables

CWE-300 Channel Accessible by Non-Endpoint

HighCWE-257 Storing Passwords in a Recoverable Format

CWE-377 Insecure Temporary File

CWE-1100 Insufficient Isolation of System-Dependent Functions

CWE-284 Improper Access Control

MediumCWE-369 Divide By Zero

CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

CWE-431 Missing Handler

Free online web security scanner

Don't show website scan report rating on the leaderboard