Total
954 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0495 | 2025-03-17 | N/A | N/A | ||
| Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication. | |||||
| CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-17 | N/A | 5.5 MEDIUM |
| An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | |||||
| CVE-2024-57957 | 1 Huawei | 1 Harmonyos | 2025-03-17 | N/A | 6.6 MEDIUM |
| Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | N/A | 5.5 MEDIUM |
| Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | |||||
| CVE-2025-24984 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-03-13 | N/A | 4.6 MEDIUM |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | |||||
| CVE-2024-42056 | 1 Retool | 1 Retool | 2025-03-13 | N/A | 6.5 MEDIUM |
| Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1. | |||||
| CVE-2024-38460 | 1 Sonarsource | 1 Sonarqube | 2025-03-13 | N/A | 4.9 MEDIUM |
| In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc). | |||||
| CVE-2025-2002 | 2025-03-12 | N/A | 6.0 MEDIUM | ||
| CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. | |||||
| CVE-2025-0736 | 2025-03-12 | N/A | 5.5 MEDIUM | ||
| A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors. | |||||
| CVE-2023-23505 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-11 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts. | |||||
| CVE-2023-46171 | 1 Ibm | 2 Ds8900f, Ds8900f Firmware | 2025-03-11 | N/A | 4.3 MEDIUM |
| IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408. | |||||
| CVE-2025-0071 | 2025-03-11 | N/A | 4.9 MEDIUM | ||
| SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. | |||||
| CVE-2025-1296 | 2025-03-10 | N/A | 6.5 MEDIUM | ||
| Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. | |||||
| CVE-2025-1979 | 2025-03-06 | N/A | 6.4 MEDIUM | ||
| Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password. | |||||
| CVE-2025-1696 | 2025-03-06 | N/A | N/A | ||
| A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk. | |||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | N/A | 5.7 MEDIUM |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | |||||
| CVE-2024-13818 | 1 Genetechsolutions | 1 Pie Register | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files. | |||||
| CVE-2024-13416 | 2025-02-21 | N/A | 4.3 MEDIUM | ||
| Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | |||||
| CVE-2023-25721 | 1 Veracode | 1 Veracode | 2025-02-19 | N/A | 6.5 MEDIUM |
| Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials. | |||||
| CVE-2022-48228 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2025-02-14 | N/A | 5.5 MEDIUM |
| An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. | |||||