Information Disclosure - Debug Error Messages
- Risk:
Low
- Type:
- Passive
- CWE:
- CWE-200
- Summary
The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.
- Solution
Disable debugging messages before pushing to production.
Oracle denies breach after hacker claims theft of 6 million data records
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
Oracle Health breach compromises patient data at US hospitals
New SuperBlack ransomware exploits Fortinet auth bypass flaws
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
Microsoft Trusted Signing service abused to code-sign malware
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
Oracle customers confirm data stolen in alleged cloud breach is valid
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
InformationalInformation Disclosure - Sensitive Information in URL
LowInsufficient Site Isolation Against Spectre Vulnerability
MediumFile Upload
MediumHTTP Parameter Override
InformationalBase64 Disclosure in WebSocket message
LowServer Leaks Version Information via "Server" HTTP Response Header Field
HighPath Traversal
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
CWE-1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters
CWE-162 Improper Neutralization of Trailing Special Elements
Free online web security scanner