CWE-201 - Insertion of Sensitive Information Into Sent Data

CWE ID:

CWE-201

Weakness Name

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Scope: Confidentiality

Impact: Read Files or Directories, Read Memory, Read Application Data

Notes: Sensitive data may be exposed to attackers.

North Korean hackers adopt ClickFix attacks to target crypto firms
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
5 Impactful AWS Vulnerabilities You're Responsible For
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Microsoft tests new Windows 11 tool to remotely fix boot crashes
New Crocodilus malware steals Android users’ crypto wallet keys
Microsoft's killing script used to avoid Microsoft Account in Windows 11
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-1426 Improper Validation of Generative AI Output
CWE-693 Protection Mechanism Failure
CWE-1091 Use of Object without Invoking Destructor Method
HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1053 Missing Documentation for Design
CWE-1173 Improper Use of Validation Framework
CWE-1230 Exposure of Sensitive Information Through Metadata
CWE-125 Out-of-bounds Read
HighCWE-862 Missing Authorization