Total: 978 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46752 | 2 Fortinet, Microsoft | 2 Fortidlp Agent, Windows | 2025-10-16 | N/A | 4.4 MEDIUM |
| An insertion of sensitive information into log file vulnerability in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows an attacker to cause information disclosure by re-using the enrollment code. | |||||
| CVE-2025-10486 | | | 2025-10-16 | N/A | 5.3 MEDIUM |
| The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. | |||||
| CVE-2025-20329 | | | 2025-10-16 | N/A | 4.9 MEDIUM |
| A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials. | |||||
| CVE-2025-31514 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-10-15 | N/A | 2.7 LOW |
| An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command. | |||||
| CVE-2025-37727 | | | 2025-10-14 | N/A | 5.7 MEDIUM |
| Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex | |||||
| CVE-2024-39460 | 1 Jenkins | 1 Bitbucket Branch Source | 2025-10-10 | N/A | 4.3 MEDIUM |
| Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. | |||||
| CVE-2025-51497 | 1 Adguard | 1 Adguard For Safari | 2025-10-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in AdGuard plugin before 1.11.22 for Safari on macOS. AdGuard verbosely logged each URL that Safari accessed when the plugin was active. These logs went into the macOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22. | |||||
| CVE-2025-10645 | | | 2025-10-08 | N/A | 5.3 MEDIUM |
| The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data. | |||||
| CVE-2025-10221 | | | 2025-10-08 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | |||||
| CVE-2025-6711 | 1 Mongodb | 1 Mongodb | 2025-10-03 | N/A | 4.4 MEDIUM |
| An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 versions prior to 6.0.21. | |||||
| CVE-2025-36144 | 1 Ibm | 1 Watsonx.data | 2025-10-03 | N/A | 3.3 LOW |
| IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2023-50301 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | N/A | 1.9 LOW |
| IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2025-34188 | 3 Apple, Linux, Vasion | 4 Macos, Linux Kernel, Virtual Appliance Application and 1 more | 2025-10-02 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information. This vulnerability has been identified by the vendor as: V-2022-008 — Secrets Leaked in Logs. | |||||
| CVE-2025-43485 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | N/A | 4.5 MEDIUM |
| A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update. | |||||
| CVE-2025-32054 | 1 Jetbrains | 1 Intellij Idea | 2025-09-30 | N/A | 3.3 LOW |
| In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4, source code could be logged in the idea.log file. | |||||
| CVE-2024-52009 | 1 Runatlantis | 1 Atlantis | 2025-09-29 | N/A | 9.8 CRITICAL |
| Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contain GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate the Atlantis application and to perform actions on GitHub. When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization. This was reported in #4060 and fixed in #4667. The fix was included in Atlantis v0.30.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-37283 | 1 Elastic | 1 Elastic Agent | 2025-09-29 | N/A | 6.5 MEDIUM |
| An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs. | |||||
| CVE-2024-34715 | 1 Ethyca | 1 Fides | 2025-09-27 | N/A | 2.3 LOW |
| Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as `@` and `$`, webserver startup fails and the part of the password following the special character is exposed in webserver error logs. This is caused by improper escaping of the SQLAlchemy password string. As a result, users are subject to partial exposure of the hosted database password in webserver logs. The vulnerability has been patched in Fides version `2.37.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-9985 | | | 2025-09-26 | N/A | 5.3 MEDIUM |
| The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. | |||||
| CVE-2025-1053 | 1 Broadcom | 1 Brocade Sannav | 2025-09-26 | N/A | 4.9 MEDIUM |
| Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | |||||
