CWE-223 - Omission of Security-relevant Information

CWE ID:

CWE-223

Abstraction:Base
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-10-26

Weakness Name

Omission of Security-relevant Information

Description

The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.

Common Consequences

Scope: Non-Repudiation

Impact: Hide Activities

Notes: The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.

Related Weaknesses

CWE-221Information Loss or Omission

Latest Security News

E-ZPass toll payment texts return in massive phishing wave
OpenAI tests watermarking for ChatGPT-4o Image Generation model
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
Coinbase to fix 2FA account activity entry freaking out users
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
WinRAR flaw bypasses Windows Mark of the Web security alerts
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Port of Seattle says ransomware breach impacts 90,000 people
PoisonSeed phishing campaign behind emails with wallet seed phrases

Latest CVE List

CVE-2025-24813 Apache Tomcat Path Equivalence Vulnerability
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
HighPII Disclosure

Common CWEs

MediumCWE-468 Incorrect Pointer Scaling
CWE-423 DEPRECATED: Proxied Trusted Channel
CWE-522 Insufficiently Protected Credentials
CWE-38 Path Traversal: '\absolute\pathname\here'
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-683 Function Call With Incorrect Order of Arguments
CWE-51 Path Equivalence: '/multiple//internal/slash'
CWE-615 Inclusion of Sensitive Information in Source Code Comments
CWE-1419 Incorrect Initialization of Resource
CWE-1243 Sensitive Non-Volatile Information Not Protected During Debug