CWE-209: Generation of Error Message Containing Sensitive Information
535 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-209 (page 10 of 11)
- CVE-2025-22218 | HIGH | CVSS 8.5 | EG 8.5 | 2025-01-30
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs
- CVE-2025-2239 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-12
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall. This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.
- CVE-2025-22421 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-02
In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional e…
- CVE-2025-23185 | MEDIUM | CVSS 4.1 | EG 4.1 | 2025-03-11
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privil…
- CVE-2025-23216 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-01-30
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a…
- CVE-2025-23320 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-06
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnera…
- CVE-2025-24552 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-01-24
Generation of Error Message Containing Sensitive Information vulnerability in paytiumsupport Paytium paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through <= 4.4.11.
- CVE-2025-25025 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-05-28
IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- CVE-2025-25045 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-04-23
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
- CVE-2025-26333 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-09-25
Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.
- CVE-2025-31141 | LOW | CVSS 2.7 | EG 2.7 | 2025-03-27
In JetBrains TeamCity before 2025.03, an exception could lead to credential leakage on the Cloud Profiles page.
- CVE-2025-31960 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-05-06
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a…
- CVE-2025-31998 | LOW | CVSS 3.5 | EG 3.5 | 2025-10-12
HCL Unica Centralized Offer Management is vulnerable to unhandled exceptions, which expose sensitive information. An attacker can use this information to exploit known vulnerabilities and launch targeted attacks, such as remote c…
- CVE-2025-32238 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-04-04
Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Bo…
- CVE-2025-36003 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-28
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
- CVE-2025-36090 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-07-10
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical e…
- CVE-2025-36437 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-09
IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.
- CVE-2025-40653 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-05-26
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force at…
- CVE-2025-40718 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-08
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.
- CVE-2025-40760 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-11-11
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and disclose sensitive password hash information when processing user authentication requests. …
- CVE-2025-41076 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-11-20
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including …
- CVE-2025-41441 | MEDIUM | CVSS 5.3 | EG 3.7 | 2025-05-26
Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature.
- CVE-2025-4166 | MEDIUM | CVSS 4.5 | EG 4.5 | 2025-05-02
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault R…
- CVE-2025-43776 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-09-09
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 thr…
- CVE-2025-43777 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-09
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 ex…
- CVE-2025-44203 | HIGH | CVSS 7.5 | EG 7.5 | 2025-06-20
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administ…
- CVE-2025-46575 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-04-27
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
- CVE-2025-46658 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-08-05
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
- CVE-2025-46746 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-05-12
An administrator could discover another account's credentials.
- CVE-2025-47813 | MEDIUM | CVSS 4.3 | EG 9.0 | ⚠ KEV | 2025-07-10
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
- CVE-2025-48562 | MEDIUM | CVSS 5.0 | EG 5.0 | 2025-09-04
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for ex…
- CVE-2025-49128 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-06-06
Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDes…
- CVE-2025-52022 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-23
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg through 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when…
- CVE-2025-52023 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-23
A vulnerability in the PHP backend of gemscms.aptsys.com.sg through 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when spe…
- CVE-2025-52619 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-15
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.
- CVE-2025-52641 | LOW | CVSS 2.9 | EG 2.9 | 2026-04-15
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid…
- CVE-2025-52671 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-11-20
Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions lets non-admin users acquire information about the software, PHP and database versions currently in use.
- CVE-2025-53803 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-09
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
- CVE-2025-54291 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-02
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
- CVE-2025-54562 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-11-14
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows technical information to be disclosed through a stack trace.
- CVE-2025-54791 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-13
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can …
- CVE-2025-55250 | LOW | CVSS 1.8 | EG 1.8 | 2026-01-19
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
- CVE-2025-55676 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-14
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.
- CVE-2025-5731 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-26
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
- CVE-2025-59016 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-09
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed…
- CVE-2025-59853 | LOW | CVSS 3.1 | EG 3.1 | 2026-05-06
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic…
- CVE-2025-61959 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-29
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insec…
- CVE-2025-62168 | CRITICAL | CVSS 10.0 | EG 10.0 | 2025-10-17
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protect…
- CVE-2025-62397 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-23
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.
- CVE-2025-62840 | LOW | CVSS 3.3 | EG 3.3 | 2026-01-02
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.…