Total
902 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20231 | 2025-03-27 | N/A | 7.1 HIGH | ||
| In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will. | |||||
| CVE-2025-1998 | 2025-03-27 | N/A | 5.5 MEDIUM | ||
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | |||||
| CVE-2021-36544 | 1 Tpcms Project | 1 Tpcms | 2025-03-26 | N/A | 7.5 HIGH |
| Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | |||||
| CVE-2024-44166 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
| CVE-2024-40598 | 1 Mediawiki | 1 Mediawiki | 2025-03-25 | N/A | 4.3 MEDIUM |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.) | |||||
| CVE-2023-22362 | 1 Akindo-sushiro | 5 Hong Kong Sushiro, Singapore Sushiro, Sushiro and 2 more | 2025-03-21 | N/A | 7.5 HIGH |
| SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1 | |||||
| CVE-2024-40791 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-19 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts. | |||||
| CVE-2024-54519 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to read sensitive location information. | |||||
| CVE-2024-40596 | 1 Mediawiki | 1 Mediawiki | 2025-03-18 | N/A | 4.3 MEDIUM |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.) | |||||
| CVE-2025-0495 | 2025-03-17 | N/A | N/A | ||
| Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication. | |||||
| CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-17 | N/A | 5.5 MEDIUM |
| An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | |||||
| CVE-2024-57957 | 1 Huawei | 1 Harmonyos | 2025-03-17 | N/A | 6.6 MEDIUM |
| Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-40585 | 2025-03-14 | N/A | 6.5 MEDIUM | ||
| An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log. | |||||
| CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | N/A | 5.5 MEDIUM |
| Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | |||||
| CVE-2025-24984 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-03-13 | N/A | 4.6 MEDIUM |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | |||||
| CVE-2025-27496 | 2025-03-13 | N/A | 3.3 LOW | ||
| Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1. | |||||
| CVE-2024-42056 | 1 Retool | 1 Retool | 2025-03-13 | N/A | 6.5 MEDIUM |
| Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1. | |||||
| CVE-2024-38460 | 1 Sonarsource | 1 Sonarqube | 2025-03-13 | N/A | 4.9 MEDIUM |
| In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc). | |||||
| CVE-2025-2002 | 2025-03-12 | N/A | 6.0 MEDIUM | ||
| CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. | |||||
| CVE-2025-0736 | 2025-03-12 | N/A | 5.5 MEDIUM | ||
| A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors. | |||||