Total
1030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2605 | 1 Tanium | 1 Tanos | 2026-02-20 | N/A | 5.3 MEDIUM |
| Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. | |||||
| CVE-2024-25959 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 7.9 HIGH |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. | |||||
| CVE-2023-32491 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2026-20138 | 1 Splunk | 1 Splunk | 2026-02-20 | N/A | 6.8 MEDIUM |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com/docs/splunk), in plain text. | |||||
| CVE-2026-1292 | 2026-02-20 | N/A | 6.5 MEDIUM | ||
| Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. | |||||
| CVE-2026-2350 | 2026-02-20 | N/A | 6.5 MEDIUM | ||
| Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS. | |||||
| CVE-2026-20142 | 2026-02-19 | N/A | 6.8 MEDIUM | ||
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the RSA `accessKey` value from the [<u>Authentication.conf</u> ](https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/10.2/configuration-file-reference/10.2.0-configuration-file-reference/authentication.conf)file, in plain text. | |||||
| CVE-2026-20144 | 2026-02-19 | N/A | 6.8 MEDIUM | ||
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured. | |||||
| CVE-2026-25846 | 1 Jetbrains | 1 Youtrack | 2026-02-18 | N/A | 6.5 MEDIUM |
| In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs | |||||
| CVE-2026-25813 | 1 Prasklatechnology | 1 Placipy | 2026-02-18 | N/A | 7.5 HIGH |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction. | |||||
| CVE-2026-22038 | 1 Agpt | 1 Autogpt Platform | 2026-02-17 | N/A | 8.1 HIGH |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46. | |||||
| CVE-2025-11547 | 1 Axis | 1 Camera Station Pro | 2026-02-17 | N/A | 7.8 HIGH |
| AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | |||||
| CVE-2026-20646 | 1 Apple | 1 Macos | 2026-02-13 | N/A | 3.3 LOW |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information. | |||||
| CVE-2025-66411 | 1 Coder | 1 Coder | 2026-02-13 | N/A | 7.8 HIGH |
| Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4. | |||||
| CVE-2026-20663 | 1 Apple | 2 Ipados, Iphone Os | 2026-02-12 | N/A | 3.3 LOW |
| The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps. | |||||
| CVE-2026-21222 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-1495 | 2026-02-10 | N/A | 6.5 MEDIUM | ||
| The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server. | |||||
| CVE-2025-15332 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.9 MEDIUM |
| Tanium addressed an information disclosure vulnerability in Threat Response. | |||||
| CVE-2026-25918 | 2026-02-10 | N/A | N/A | ||
| unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2. | |||||
| CVE-2026-22782 | 1 Rustfs | 1 Rustfs | 2026-02-09 | N/A | 7.5 HIGH |
| RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forged RPC calls. In crates/ecstore/src/rpc/http_auth.rs, the invalid signature branch logs sensitive data. This log line includes secret and expected_signature, both derived from the shared HMAC key. Any invalidly signed request triggers this path. The function is reachable from RPC and admin request handlers. This vulnerability is fixed in 1.0.0-alpha.80. | |||||