Vulnerabilities (CVE)

Filtered by CWE-532
Total 1106 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-2002 2026-04-15 N/A 6.0 MEDIUM
CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.
CVE-2025-49009 2026-04-15 N/A 6.2 MEDIUM
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
CVE-2024-12057 2026-04-15 N/A N/A
User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.
CVE-2025-8864 2026-04-15 N/A N/A
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs.
CVE-2025-24520 2026-04-15 N/A 3.3 LOW
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-1696 2026-04-15 N/A N/A
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.
CVE-2025-1979 2026-04-15 N/A 6.4 MEDIUM
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password.
CVE-2022-35202 2026-04-15 N/A 5.1 MEDIUM
A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystore is protected with a low-complexity, auto-generated password.
CVE-2024-48852 2026-04-15 N/A 9.4 CRITICAL
Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON through <= 9.3.4.
CVE-2026-4788 1 Ibm 1 Tivoli Netcool/impact 2026-04-14 N/A 8.4 HIGH
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
CVE-2026-34487 1 Apache 1 Tomcat 2026-04-14 N/A 7.5 HIGH
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
CVE-2026-28261 1 Dell 2 Elastic Cloud Storage, Objectscale 2026-04-13 N/A 7.8 HIGH
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contain an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.
CVE-2025-4090 1 Mozilla 2 Firefox, Thunderbird 2026-04-13 N/A 5.3 MEDIUM
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
CVE-2019-25683 1 Filezilla-project 1 Filezilla Client 2026-04-09 N/A 6.2 MEDIUM
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
CVE-2024-13818 1 Genetechsolutions 1 Pie Register 2026-04-08 N/A 5.3 MEDIUM
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
CVE-2024-2302 1 Awesomemotive 1 Easy Digital Downloads 2026-04-08 N/A 5.3 MEDIUM
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.
CVE-2025-6391 1 Broadcom 1 Brocade Active Support Connectivity Gateway 2026-04-06 N/A 9.1 CRITICAL
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can extract the unencrypted tokens, with security implications such as unauthorized access, session hijacking, and information disclosure.
CVE-2026-4819 1 Search-guard 1 Flx 2026-04-03 N/A 4.9 MEDIUM
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
CVE-2026-20663 1 Apple 2 Ipados, Iphone Os 2026-04-02 N/A 3.3 LOW
The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.
CVE-2025-46277 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-04-02 N/A 3.3 LOW
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.