Threats Tagged 'cwe-201'
View all threats tagged with 'cwe-201'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-201'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-22551: CWE-201: Insertion of Sensitive Information Into Sent Data in Eclipse Foundation Eclipse TheiaCVE-2026-22551 0 In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces. Join the discussion | CVE Database V5 | 06/18/2026, 14:32:01 UTC Added: 06/18/2026, 15:20:12 UTC |
CVE-2024-35690: CWE-201 Insertion of sensitive information into sent data in MarketingFire Widget OptionsCVE-2024-35690 0 Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. Join the discussion | CVE Database V5 | 06/17/2026, 12:05:25 UTC Added: 06/17/2026, 12:46:15 UTC |
CVE-2026-52698: CWE-201 Insertion of Sensitive Information Into Sent Data in Syed Balkhi PushEngage – Web Push Notifications, eCommerce Automation & Chat WidgetCVE-2026-52698 0 CVE-2026-52698 is a high-severity vulnerability in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget versions up to 4.2.3. It involves the insertion of sensitive subscriber data into sent data, leading to potential exposure of this information. The vulnerability is classified under CWE-201, indicating sensitive information exposure through data insertion. No official patch or remediation guidance is currently provided by the vendor. Join the discussion | CVE Database V5 | 06/17/2026, 09:51:30 UTC Added: 06/17/2026, 11:09:06 UTC |
CVE-2026-27868: CWE-201 Insertion of sensitive information into sent data in Teldat Regesta Smart HD-PLC - TLDPH16D2CVE-2026-27868 0 An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. Join the discussion | CVE Database V5 | 06/17/2026, 08:13:36 UTC Added: 06/17/2026, 09:45:22 UTC |
CVE-2026-54197: CWE-201 Insertion of Sensitive Information Into Sent Data in Wpmet GetGenieCVE-2026-54197 0 Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. Join the discussion | CVE Database V5 | 06/16/2026, 09:00:37 UTC Added: 06/16/2026, 13:15:54 UTC |
CVE-2026-52695: CWE-201 Insertion of Sensitive Information Into Sent Data in Al Monsor ABC Crypto CheckoutCVE-2026-52695 0 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. Join the discussion | CVE Database V5 | 06/15/2026, 20:19:32 UTC Added: 06/15/2026, 20:32:54 UTC |
CVE-2026-52692: CWE-201 Insertion of Sensitive Information Into Sent Data in wp.insider Affiliates ManagerCVE-2026-52692 0 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. Join the discussion | CVE Database V5 | 06/15/2026, 20:19:30 UTC Added: 06/15/2026, 20:32:54 UTC |
CVE-2026-49082: CWE-201 Insertion of Sensitive Information Into Sent Data in Chatway Live Chat Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat ButtonsCVE-2026-49082 0 Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. Join the discussion | CVE Database V5 | 06/15/2026, 20:19:16 UTC Added: 06/15/2026, 20:32:44 UTC |
CVE-2026-48965: CWE-201 Insertion of Sensitive Information Into Sent Data in watchful XClonerCVE-2026-48965 0 Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. Join the discussion | CVE Database V5 | 06/15/2026, 20:19:07 UTC Added: 06/15/2026, 20:32:40 UTC |
CVE-2026-42384: CWE-201 Insertion of Sensitive Information Into Sent Data in NSquared Simply Schedule AppointmentsCVE-2026-42384 0 CVE-2026-42384 is a high-severity vulnerability in NSquared's Simply Schedule Appointments software versions prior to 1.6.11.2. It involves unauthenticated exposure of sensitive data due to insertion of sensitive information into sent data. The vulnerability does not require user interaction or privileges to exploit and impacts confidentiality without affecting integrity or availability. Join the discussion | CVE Database V5 | 06/15/2026, 20:18:33 UTC Added: 06/15/2026, 20:32:21 UTC |
Showing 1 to 10 of 25 results