threat
engine
.sh
Back
·
··:··
Home
/
CWE
/
Insertion of Sensitive Information into Log File
Weakness
Insertion of Sensitive Information into Log File
CWE-532 · Base · Incomplete
The product writes sensitive information to a log file.
△
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf
CWE-200 · Exposure of Sensitive Information to an Unauthorized Actor
ChildOf
CWE-538 · Insertion of Sensitive Information into Externally-Accessible File or Directory
◆
Attack Patterns (CAPEC)
1
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-215
Fuzzing for application mapping
⚠
CVEs With This Weakness
1,391
A sample of the 1,391 CVEs tagged with this weakness.
CVE
CVE-2026-8200
CVE
CVE-2026-7824
CVE
CVE-2026-4957
CVE
CVE-2026-4957
CVE
CVE-2026-4901
CVE
CVE-2026-4819
CVE
CVE-2026-4788
CVE
CVE-2026-44516
CVE
CVE-2026-44479
CVE
CVE-2026-43992
CVE
CVE-2026-43826
CVE
CVE-2026-42282
◉
Nuclei Scanner Templates
10
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
high
WordPress Hummingbird <= 3.18.0 - Sensitive Information Exposure via Log File
high
SMTP WP Plugin Directory Listing
high
Milesight Routers - Information Disclosure
high
Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials
high
LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure
medium
WordPress Easy WP SMTP - Log Exposure
medium
WordPress NextGEN Gallery Pro - Error Log Disclosure
medium
All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
medium
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
medium
Bitrix Site Manager - Log File Disclosure
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin