Total
1053 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13743 | 1 Docker | 1 Docker Desktop | 2026-01-30 | N/A | 7.5 HIGH |
| Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred. | |||||
| CVE-2025-13925 | 1 Ibm | 1 Aspera Console | 2026-01-30 | N/A | 4.9 MEDIUM |
| IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. | |||||
| CVE-2026-0936 | 2026-01-29 | N/A | 5.0 MEDIUM | ||
| An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user. | |||||
| CVE-2025-58189 | 1 Golang | 1 Go | 2026-01-29 | N/A | 5.3 MEDIUM |
| When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | |||||
| CVE-2025-59355 | 1 Apache | 1 Linkis | 2026-01-27 | N/A | 6.5 MEDIUM |
| A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will be left in the log files when decoding fails, resulting in information leakage. Affected Scope Component: Sensitive fields in hive-site.xml (e.g., javax.jdo.option.ConnectionPassword) or other fields encoded in Base64. Version: Apache Linkis 1.0.0 – 1.7.0 Trigger Conditions The value of the configuration item is an invalid Base64 string. Log files are readable by users other than hive-site.xml administrators. Severity: Low The probability of Base64 decoding failure is low. The leakage is only triggered when logs at the Error level are exposed. Remediation Apache Linkis 1.8.0 and later versions have replaced the log with desensitized content. logger.error("URL decode failed: {}", e.getMessage()); // 不再输出 str Users are recommended to upgrade to version 1.8.0, which fixes the issue. | |||||
| CVE-2025-43508 | 1 Apple | 1 Macos | 2026-01-27 | N/A | 5.5 MEDIUM |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2024-39532 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-22 | N/A | 6.3 MEDIUM |
| An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO. | |||||
| CVE-2026-23493 | 1 Pimcore | 1 Pimcore | 2026-01-20 | N/A | 8.6 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14. | |||||
| CVE-2025-36599 | 1 Dell | 1 Powerflex Manager | 2026-01-16 | N/A | 4.3 MEDIUM |
| Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account. | |||||
| CVE-2025-25002 | 1 Microsoft | 1 Azure Local Cluster | 2026-01-16 | N/A | 6.8 MEDIUM |
| Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | |||||
| CVE-2026-20818 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-01-14 | N/A | 6.2 MEDIUM |
| Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-26332 | 1 Dell | 3 Techadvisor, Xtremio Management Server, Xtremio X2 | 2026-01-14 | N/A | 8.8 HIGH |
| TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-30105 | 1 Dell | 3 Techadvisor, Xtremio Management Server, Xtremio X2 | 2026-01-14 | N/A | 8.8 HIGH |
| Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-36573 | 1 Dell | 4 Pro Smart Dock Sd25, Pro Smart Dock Sd25 Firmware, Pro Thunderbolt 4 Smart Dock Sd25tb4 and 1 more | 2026-01-13 | N/A | 7.1 HIGH |
| Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-27784 | 1 Fortinet | 1 Fortiaiops | 2026-01-09 | N/A | 8.8 HIGH |
| Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | |||||
| CVE-2025-14010 | 1 Redhat | 1 Community.general | 2026-01-02 | N/A | 5.5 MEDIUM |
| A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access. | |||||
| CVE-2025-66910 | 1 Turms-im | 1 Turms | 2026-01-02 | N/A | 6.0 MEDIUM |
| Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection. | |||||
| CVE-2025-63729 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2025-12-30 | N/A | 9.0 CRITICAL |
| An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder. | |||||
| CVE-2024-6060 | 2025-12-30 | N/A | N/A | ||
| An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. | |||||
| CVE-2025-68919 | 2025-12-29 | N/A | 5.6 MEDIUM | ||
| Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability. | |||||