Vulnerabilities (CVE)

Filtered by CWE-532
Total 1106 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11604 2026-03-30 N/A N/A
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.
CVE-2026-20668 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-03-25 N/A 5.5 MEDIUM
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
CVE-2026-28868 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-03-25 N/A 5.5 MEDIUM
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.
CVE-2026-20165 1 Splunk 2 Splunk, Splunk Cloud Platform 2026-03-24 N/A 6.3 MEDIUM
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
CVE-2026-32598 1 Hackerbay 1 Oneuptime 2026-03-17 N/A 6.5 MEDIUM
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user. This vulnerability is fixed in 10.0.24.
CVE-2023-25164 1 Ssw 1 Tinacms/cli 2026-03-13 N/A 8.6 HIGH
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (e.g. Algolia API keys) you should rotate those keys immediately. This issue has been patched in @tinacms/cli@1.0.9. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2026-0520 2026-03-12 N/A 2.8 LOW
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
CVE-2026-27900 1 Terraform 1 Linode Provider 2026-03-11 N/A 5.0 MEDIUM
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are explicitly enabled (for example in local troubleshooting, CI/CD jobs, or centralized log collection). If enabled, sensitive values may be written to logs and then retained, shared, or exported beyond the original execution environment. An authenticated user with access to provider debug logs (through log aggregation systems, CI/CD pipelines, or debug output) would thus be able to extract these sensitive credentials. Versions 3.9.0 and later sanitize debug logs by logging only non-sensitive metadata such as labels, regions, and resource IDs while redacting credentials, tokens, keys, scripts, and other sensitive content. Some other mitigations and workarounds are available. Disable Terraform/provider debug logging or set it to `WARN` level or above, restrict access to existing and historical logs, purge/retention-trim logs that may contain sensitive values, and/or rotate potentially exposed secrets/credentials.
CVE-2025-27555 1 Apache 1 Airflow 2026-03-11 N/A 6.5 MEDIUM
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378.
CVE-2026-24308 1 Apache 1 Zookeeper 2026-03-10 N/A 7.5 HIGH
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.
CVE-2026-21786 1 Hcltech 1 Sametime 2026-03-09 N/A 3.3 LOW
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs.
CVE-2026-22798 1 Software-metadata.pub 1 Hermes 2026-03-08 N/A 5.9 MEDIUM
hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens (e.g., via hermes deposit -O invenio_rdm.auth_token SECRET), these are written to the log file in plain text, making them available to whoever can access the log file. This vulnerability is fixed in 0.9.1.
CVE-2025-48635 1 Google 1 Android 2026-03-06 N/A 7.7 HIGH
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-62879 1 Suse 1 Rancher Backup And Restore Operator 2026-03-05 N/A 6.8 MEDIUM
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
CVE-2026-1265 1 Ibm 1 Infosphere Information Server 2026-03-04 N/A 4.3 MEDIUM
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file.
CVE-2026-25918 1 Rageagainstthepixel 1 Unity-cli 2026-02-28 N/A 5.5 MEDIUM
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2.
CVE-2026-1292 1 Tanium 1 Trends 2026-02-27 N/A 6.5 MEDIUM
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
CVE-2026-2350 1 Tanium 1 Interact 2026-02-27 N/A 6.5 MEDIUM
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
CVE-2025-0976 3 Hitachi, Linux, Microsoft 4 Configuration Manager, Ops Center Api Configuration Manager, Linux Kernel and 1 more 2026-02-27 N/A 4.7 MEDIUM
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.
CVE-2025-5781 3 Hitachi, Linux, Microsoft 5 Configuration Manager, Device Manager, Ops Center Api Configuration Manager and 2 more 2026-02-27 N/A 5.2 MEDIUM
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.