Information Disclosure - Debug Error Messages via WebSocket
- Risk: Low
- Type: WebSocket Passive
- CWE: CWE-200
- Summary
The response appeared to contain common error messages returned by platforms such as ASP.NET and web servers such as IIS and Apache. You can configure the list of common debug messages.
- Solution
Disable debugging messages before pushing to production.