Total
980 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31788 | 2025-04-01 | 5.3 Medium | ||
| Insertion of Sensitive Information into Log File vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Retrieve Embedded Sensitive Data. This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2. | ||||
| CVE-2024-23760 | 1 Gambio | 1 Gambio | 2025-03-28 | 2.7 Low |
| Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | ||||
| CVE-2024-28154 | 1 Jenkins | 1 Mq Notifier | 2025-03-27 | 6.5 Medium |
| Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. | ||||
| CVE-2025-30205 | 2025-03-27 | 7.6 High | ||
| kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the (optional) kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system log. This only impacts users which both use the provided patches and provision their `admin` or `idm_admin` account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag `v1.2.0` or higher. As a workaround, the user can set the log level `KANIDM_LOG_LEVEL` to any level higher than `info`, for example `warn`. | ||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 6.1 Medium |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-22574 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 8.1 High |
| Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | ||||
| CVE-2023-22572 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 7.8 High |
| Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | ||||
| CVE-2023-22573 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 7.9 High |
| Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. | ||||
| CVE-2023-22575 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 8.7 High |
| Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. | ||||
| CVE-2021-36544 | 1 Tpcms Project | 1 Tpcms | 2025-03-26 | 7.5 High |
| Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | ||||
| CVE-2022-42439 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, App Connect Enterprise, App Connect Enterprise Certified Container and 3 more | 2025-03-25 | 6.8 Medium |
| IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. | ||||
| CVE-2024-44166 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
| CVE-2024-40598 | 1 Mediawiki | 1 Mediawiki | 2025-03-25 | 4.3 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.) | ||||
| CVE-2023-21435 | 1 Samsung | 1 Android | 2025-03-24 | 4.4 Medium |
| Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. | ||||
| CVE-2023-22362 | 1 Akindo-sushiro | 5 Hong Kong Sushiro, Singapore Sushiro, Sushiro and 2 more | 2025-03-21 | 7.5 High |
| SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1 | ||||
| CVE-2024-40791 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-19 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts. | ||||
| CVE-2024-54519 | 1 Apple | 1 Macos | 2025-03-19 | 5.5 Medium |
| The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to read sensitive location information. | ||||
| CVE-2025-0495 | 2025-03-18 | N/A | ||
| Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication. | ||||
| CVE-2024-40596 | 1 Mediawiki | 1 Mediawiki | 2025-03-18 | 4.3 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.) | ||||
| CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-17 | 5.5 Medium |
| An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | ||||