Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6451 | 1 Meowapps | 1 Ai Engine | 2025-05-27 | N/A | 7.2 HIGH |
| AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php. | |||||
| CVE-2021-36340 | 1 Dell | 1 Secure Connect Gateway | 2025-05-23 | 2.1 LOW | 7.8 HIGH |
| Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. | |||||
| CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 5.3 MEDIUM |
| A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | |||||
| CVE-2022-23716 | 1 Elastic | 1 Elastic Cloud Enterprise | 2025-05-21 | N/A | 5.3 MEDIUM |
| A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | |||||
| CVE-2025-31139 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log | |||||
| CVE-2025-46432 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs | |||||
| CVE-2022-3293 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 3.5 LOW |
| Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 | |||||
| CVE-2023-6064 | 1 Payhere | 1 Payhere Payment Gateway | 2025-05-13 | N/A | 7.5 HIGH |
| The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur. | |||||
| CVE-2025-46329 | 1 Snowflake | 1 Connector For C\/c\+\+ | 2025-05-09 | N/A | 3.3 LOW |
| libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0. | |||||
| CVE-2022-31684 | 1 Pivotal | 1 Reactor Netty | 2025-05-09 | N/A | 4.3 MEDIUM |
| Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. | |||||
| CVE-2023-50740 | 1 Apache | 1 Linkis | 2025-05-07 | N/A | 5.3 MEDIUM |
| In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0 | |||||
| CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2025-05-07 | N/A | 6.8 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | |||||
| CVE-2022-3499 | 1 Tenable | 1 Nessus | 2025-05-05 | N/A | 6.5 MEDIUM |
| An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | |||||
| CVE-2024-23758 | 1 Unisys | 1 Stealth | 2025-05-02 | N/A | 7.5 HIGH |
| An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. | |||||
| CVE-2023-43261 | 1 Milesight | 12 Ur32, Ur32 Firmware, Ur32l and 9 more | 2025-05-01 | N/A | 7.5 HIGH |
| An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | |||||
| CVE-2022-43673 | 1 Wire | 1 Wire | 2025-04-30 | N/A | 4.7 MEDIUM |
| Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. | |||||
| CVE-2022-2721 | 1 Octopus | 1 Octopus Server | 2025-04-25 | N/A | 7.5 HIGH |
| In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | |||||
| CVE-2022-38756 | 1 Microfocus | 1 Groupwise | 2025-04-18 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. | |||||
| CVE-2024-55578 | 1 Zammad | 1 Zammad | 2025-04-15 | N/A | 4.3 MEDIUM |
| Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. | |||||
| CVE-2023-36494 | 1 F5 | 1 F5os-a | 2025-04-15 | N/A | 4.4 MEDIUM |
| Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||