Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40603 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-11-06 | N/A | 4.5 MEDIUM |
| A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. | |||||
| CVE-2025-62232 | 1 Apache | 1 Apisix | 2025-11-05 | N/A | 7.5 HIGH |
| Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629 Users are recommended to upgrade to version 3.14, which fixes this issue. | |||||
| CVE-2023-42937 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data. | |||||
| CVE-2024-54484 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
| The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | |||||
| CVE-2023-44483 | 1 Apache | 1 Santuario Xml Security For Java | 2025-11-03 | N/A | 6.5 MEDIUM |
| All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. | |||||
| CVE-2021-32050 | 1 Mongodb | 5 C\+\+, C Driver, Node.js and 2 more | 2025-11-03 | N/A | 4.2 MEDIUM |
| Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). | |||||
| CVE-2022-22939 | 1 Vmware | 1 Cloud Foundation | 2025-10-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. | |||||
| CVE-2025-59197 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-30 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. | |||||
| CVE-2023-21492 | 1 Samsung | 1 Android | 2025-10-28 | N/A | 4.4 MEDIUM |
| Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | |||||
| CVE-2025-11248 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-28 | N/A | 3.2 LOW |
| ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token. | |||||
| CVE-2025-62513 | 1 Openbao | 1 Openbao | 2025-10-27 | N/A | 7.5 HIGH |
| OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in short-lived ACME verification challenge codes being leaked in the audit logs. Additionally, this impacts those using the OIDC issuer functionality of the identity subsystem, auth and token response codes along with claims could be leaked in the audit logs. ACME verification codes are not usable after verification or challenge expiry so are of limited long-term use. This issue has been patched in OpenBao 2.4.2. | |||||
| CVE-2025-62705 | 1 Openbao | 1 Openbao | 2025-10-27 | N/A | 4.9 MEDIUM |
| OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2. | |||||
| CVE-2025-24984 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-27 | N/A | 4.6 MEDIUM |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | |||||
| CVE-2025-47979 | 1 Microsoft | 2 Windows Server 2022 23h2, Windows Server 2025 | 2025-10-20 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-59258 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-10-20 | N/A | 6.2 MEDIUM |
| Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-43888 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | N/A | 8.8 HIGH |
| Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-59203 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-17 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-46752 | 2 Fortinet, Microsoft | 2 Fortidlp Agent, Windows | 2025-10-16 | N/A | 4.4 MEDIUM |
| A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code. | |||||
| CVE-2025-31514 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-10-15 | N/A | 2.7 LOW |
| An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command. | |||||
| CVE-2024-39460 | 1 Jenkins | 1 Bitbucket Branch Source | 2025-10-10 | N/A | 4.3 MEDIUM |
| Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. | |||||