Base64 Disclosure
- Risk:
Informational
- Type:
- Passive
- CWE:
- CWE-200
- Summary
Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).
- Solution
Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections
Auction giant Sotheby’s says data breach exposed customer information
Have I Been Pwned: Prosper data breach impacts 17.6 million accounts
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)
Microsoft: Office 2016 and Office 2019 have reached end of support
Microsoft: Office 2016 and Office 2019 have reach end of support
Gladinet fixes actively exploited zero-day in file-sharing software
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2013-3918 Microsoft Windows Out-of-Bounds Write Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2010-3765 Mozilla Multiple Products Remote Code Execution Vulnerability
CVE-2011-3402 Microsoft Windows Remote Code Execution Vulnerability
CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability
CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
LowServer Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
InformationalCross Site Scripting (Persistent) - Prime
MediumWeb Cache Deception
MediumCSP: Wildcard Directive
InformationalCookie Poisoning
InformationalLoosely Scoped Cookie
Free online web security scanner