Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24556 | 2026-04-29 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle moowoodle allows Retrieve Embedded Sensitive Data.This issue affects MooWoodle: from n/a through <= 3.2.4. | |||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2026-04-29 | 2.1 LOW | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2013-6384 | 1 Openstack | 1 Ceilometer | 2026-04-29 | 1.9 LOW | N/A |
| (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file. | |||||
| CVE-2024-11193 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0. | |||||
| CVE-2024-38862 | 1 Checkmk | 1 Checkmk | 2026-04-29 | N/A | 4.4 MEDIUM |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | |||||
| CVE-2025-54376 | 1 Hoverfly | 1 Hoverfly | 2026-04-29 | N/A | 7.5 HIGH |
| Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue. | |||||
| CVE-2025-6624 | 1 Snyk | 1 Snyk Cli | 2026-04-29 | N/A | 7.2 HIGH |
| Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode. The issue affects the following Snyk commands: 1. When snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials may be written into the local Snyk CLI debug log. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u). 2. When snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the Snyk access / refresh credential tokens used to connect the CLI to Snyk may be written into the local CLI debug logs. 3. When snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled, AND the log level is set to TRACE, the docker registry token may be written into the local CLI debug logs. | |||||
| CVE-2025-67223 | 2026-04-28 | N/A | 7.5 HIGH | ||
| The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII. | |||||
| CVE-2024-37270 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1. | |||||
| CVE-2024-34559 | 2026-04-28 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0. | |||||
| CVE-2024-34550 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17. | |||||
| CVE-2024-33922 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | |||||
| CVE-2024-33637 | 2026-04-28 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1. | |||||
| CVE-2024-32953 | 2026-04-28 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |||||
| CVE-2024-32788 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. | |||||
| CVE-2024-32686 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3. | |||||
| CVE-2024-32513 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. | |||||
| CVE-2024-31353 | 1 Tribulant | 1 Slideshow Gallery | 2026-04-28 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||||
| CVE-2024-31298 | 1 Joelhardi | 1 User Spam Remover | 2026-04-28 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0. | |||||
| CVE-2024-31259 | 1 Searchiq | 1 Searchiq | 2026-04-28 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5. | |||||