Total
979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40694 | 2 Ibm, Redhat | 2 Watson Cp4d Data Stores, Openshift | 2025-08-20 | 6.2 Medium |
| IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | ||||
| CVE-2025-38745 | 1 Dell | 1 Openmanage Enterprise | 2025-08-19 | 4.8 Medium |
| Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2025-55285 | 1 Backstage | 1 Backstage | 2025-08-18 | 2.6 Low |
| @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed through to fetch:template there is no impact. This issue has been resolved in 2.1.1 of the scaffolder-backend plugin. A workaround for this issue involves Template Authors removing the use of ${{ secrets }} being used as an argument to fetch:template. | ||||
| CVE-2024-9453 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift Developer Tools And Services | 2025-08-18 | 6.5 Medium |
| A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. | ||||
| CVE-2024-45674 | 1 Ibm | 4 Security Verify Bridge, Security Verify Bridge Directory Sync, Security Verify Gateway For Radius and 1 more | 2025-08-18 | 3.3 Low |
| IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2023-43043 | 1 Ibm | 2 Enterprise Asset Management, Maximo Mobile For Eam | 2025-08-15 | 5.1 Medium |
| IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. | ||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | ||||
| CVE-2025-24520 | 1 Intel | 1 Local Manageability Service | 2025-08-13 | 3.3 Low |
| Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-38271 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 4.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | ||||
| CVE-2025-52893 | 1 Openbao | 1 Openbao | 2025-08-12 | 4.5 Medium |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients. | ||||
| CVE-2024-7586 | 1 Gitlab | 1 Gitlab | 2025-08-12 | 4.1 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials. | ||||
| CVE-2025-42935 | 1 Sap | 5 Abap Platform, As Abap, Netweaver and 2 more | 2025-08-12 | 4.1 Medium |
| The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability. | ||||
| CVE-2025-48709 | 1 Bmc | 1 Control-m | 2025-08-12 | 9.8 Critical |
| An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. | ||||
| CVE-2025-8864 | 1 Yugabyte | 1 Yugabytedb | 2025-08-12 | 3.5 Low |
| Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs | ||||
| CVE-2024-2877 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-08-08 | 5.5 Medium |
| Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. | ||||
| CVE-2023-46175 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2025-08-08 | 4.4 Medium |
| IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | ||||
| CVE-2025-50200 | 1 Broadcom | 1 Rabbitmq Server | 2025-08-06 | 5.5 Medium |
| RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8. | ||||
| CVE-2025-24034 | 1 Himmelblau-idm | 1 Himmelblau | 2025-08-05 | 3.2 Low |
| Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`. | ||||
| CVE-2025-54781 | 1 Himmelblau-idm | 1 Himmelblau | 2025-08-05 | 2.8 Low |
| Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled. | ||||
| CVE-2025-26332 | 1 Dell | 1 Techadvisor | 2025-08-05 | 8.8 High |
| TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||