Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as CWE-200 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Sensitive Data Exposure - LinkedIn API Key
Sensitive Data Exposure - LinkedIn API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - MailChimp API Key
Sensitive Data Exposure - MailChimp API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - MailGun API Key
Sensitive Data Exposure - MailGun API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Mapbox Token
Sensitive Data Exposure - Mapbox Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Nexmo Secret
Sensitive Data Exposure - Nexmo Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - NPM Access Token
Sensitive Data Exposure - NPM Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - NuGet API Key
Sensitive Data Exposure - NuGet API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Okta Secret Key
Sensitive Data Exposure - Okta Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Omise Secret Key
Sensitive Data Exposure - Omise Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Paypal Access Token
Sensitive Data Exposure - Paypal Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Picatic API key
Sensitive Data Exposure - Picatic API key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - SendGrid API Key
Sensitive Data Exposure - SendGrid API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Sentry Auth Token
Sensitive Data Exposure - Sentry Auth Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Slack Token
Sensitive Data Exposure - Slack Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Slack v1.x Token
Sensitive Data Exposure - Slack v1.x Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Slack Webhook
Sensitive Data Exposure - Slack Webhook
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - SonarQube User Token
Sensitive Data Exposure - SonarQube User Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Square OAuth Secret
Sensitive Data Exposure - Square OAuth Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Square Personal Access Token
Sensitive Data Exposure - Square Personal Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - SSH Key
Sensitive Data Exposure - SSH Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Stripe API key
Sensitive Data Exposure - Stripe API key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Symfony Application Secret
Sensitive Data Exposure - Symfony Application Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Teams Webhook
Sensitive Data Exposure - Teams Webhook
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Telegram Bot API Token
Sensitive Data Exposure - Telegram Bot API Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twilio API Key
Sensitive Data Exposure - Twilio API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twitter Access Token Secret
Sensitive Data Exposure - Twitter Access Token Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twitter API Secret Key
Sensitive Data Exposure - Twitter API Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - WordPress Authentication Key/Salt
Sensitive Data Exposure - WordPress Authentication Key/Salt
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Shell Script Detected
Shell Script Detected
CWE-200
, 
ISO27001-A.8.1.1
, 
WASC-13
, 
Information
TorchServe Management API Publicly Exposed
TorchServe Management API Publicly Exposed
CAPEC-212
, 
CWE-200
, 
HIPAA-164.312(a)(1)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-14
, 
High
Unknown Option Used In Referrer-Policy
Unknown Option Used In Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Version Disclosure (Varnish)
Version Disclosure (Varnish)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Low
Windows Username Disclosure
Windows Username Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low