Total
1055 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6060 | | | 2025-12-30 | N/A | N/A |
| An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. | |||||
| CVE-2025-68919 | | | 2025-12-29 | N/A | 5.6 MEDIUM |
| Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability. | |||||
| CVE-2025-37727 | 1 Elastic | 1 Elasticsearch | 2025-12-23 | N/A | 5.7 MEDIUM |
| Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex | |||||
| CVE-2025-12996 | 1 Medtronic | 1 Carelink Network | 2025-12-22 | N/A | 4.1 MEDIUM |
| Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025. | |||||
| CVE-2025-10221 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-12-19 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | |||||
| CVE-2025-43475 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-18 | N/A | 5.5 MEDIUM |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. | |||||
| CVE-2025-14432 | 1 Hp | 18 Poly Eagleeye Cube, Poly Eagleeye Iv, Poly Studio A2 and 15 more | 2025-12-18 | N/A | 4.9 MEDIUM |
| In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI. | |||||
| CVE-2025-13321 | 1 Mattermost | 1 Mattermost Desktop | 2025-12-18 | N/A | 3.3 LOW |
| Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion, which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs. | |||||
| CVE-2025-36133 | 1 Ibm | 2 App Connect Enterprise Certified Containers Operands, App Connect Operator | 2025-12-18 | N/A | 5.9 MEDIUM |
| IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14 stores potentially sensitive information in log files during installation that could be read by a local user on the container. | |||||
| CVE-2025-48709 | 1 Bmc | 1 Control-m/server | 2025-12-18 | N/A | 3.8 LOW |
| BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on, it runs 'DBUStatus.exe' frequently, which then calls 'dbu_connection_details.vbs' with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. Fixed in PACTV.9.0.21.307. | |||||
| CVE-2025-14437 | | | 2025-12-18 | N/A | 7.5 HIGH |
| The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials. | |||||
| CVE-2025-1296 | 1 Hashicorp | 1 Nomad | 2025-12-18 | N/A | 6.5 MEDIUM |
| Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. | |||||
| CVE-2024-51752 | 1 Workos | 1 Authkit-nextjs | 2025-12-11 | N/A | 5.5 MEDIUM |
| The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-47570 | 1 Fortinet | 5 Fortios, Fortipam, Fortiproxy and 2 more | 2025-12-10 | N/A | 6.6 MEDIUM |
| An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration). | |||||
| CVE-2025-64650 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-12-10 | N/A | 6.5 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files. | |||||
| CVE-2020-36876 | | | 2025-12-08 | N/A | N/A |
| ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page. | |||||
| CVE-2025-12940 | 1 Netgear | 4 Wax610, Wax610 Firmware, Wax610y and 1 more | 2025-12-08 | N/A | 5.5 MEDIUM |
| Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). A user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later. | |||||
| CVE-2025-11446 | 1 Upkeeper | 1 Upkeeper Manager | 2025-12-02 | N/A | 6.5 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials. This issue affects upKeeper Manager: from 5.2.0 before 5.2.12. | |||||
| CVE-2025-20329 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2025-12-01 | N/A | 4.9 MEDIUM |
| A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials. | |||||
| CVE-2025-20373 | | | 2025-12-01 | N/A | 2.7 LOW |
| In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) in the Splunk documentation for more information. | |||||
