CWE-202Exposure of Sensitive Information Through Data Queries

Abstraction: Base · CVEs in our corpus: 34

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2025-59352`	2.0	9.8	0.0138	2025-09-17
`CVE-2021-32743`	1.8	8.8	0.0035	2021-07-15
`CVE-2025-69200`	1.8	7.5	0.0532	2025-12-29
`CVE-2025-68456`	1.8	9.1	0.0022	2026-01-05
`CVE-2024-2088`	1.7	8.5	0.0043	2024-05-22
`CVE-2025-25205`	1.7	8.2	0.0063	2025-02-12
`CVE-2023-7072`	1.6	7.5	0.0101	2024-03-12
`CVE-2022-41623`	1.5	7.5	0.0054	2022-10-14
`CVE-2023-1625`	1.5	7.4	0.0015	2023-09-24
`CVE-2024-6400`	1.5	7.5	0.0008	2024-10-04
`CVE-2024-13255`	1.5	7.5	0.0018	2025-01-09
`CVE-2025-29981`	1.5	7.5	0.0035	2025-04-02
`CVE-2025-36575`	1.5	7.5	0.0035	2025-06-10
`CVE-2026-33530`	1.5	7.7	0.0004	2026-03-26
`CVE-2026-30778`	1.5	7.5	0.0004	2026-04-15
`CVE-2026-40245`	1.5	7.5	0.0008	2026-04-16
`CVE-2019-19000`	1.3	6.5	0.0021	2020-04-02
`CVE-2022-20747`	1.3	6.5	0.0020	2022-04-15
`CVE-2022-20810`	1.3	6.5	0.0019	2022-09-30
`CVE-2024-38892`	1.3	6.5	0.0011	2024-06-24
`CVE-2024-1287`	1.3	6.5	0.0068	2024-07-30
`CVE-2023-20215`	1.2	5.8	0.0008	2023-08-03
`CVE-2021-1372`	1.1	5.5	0.0008	2021-02-17
`CVE-2024-38895`	1.1	5.3	0.0014	2024-06-24
`CVE-2024-38897`	1.1	5.3	0.0031	2024-06-24