Search Results (1169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-2002 2026-04-15 6 Medium
CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.
CVE-2025-0736 1 Redhat 1 Jboss Data Grid 2026-04-15 5.5 Medium
A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.
CVE-2024-31216 1 Fluxcd 1 Source-controller 2026-04-15 5.1 Medium
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity.
CVE-2024-27154 1 Toshibatec 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more 2026-04-15 6.2 Medium
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected products/models/versions, see the reference URL.
CVE-2025-41690 1 Endress+hauser 1 Proline 10 2026-04-15 7.4 High
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
CVE-2023-6814 1 Hitachi 1 Cosminexus Component Container 2026-04-15 5.6 Medium
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.
CVE-2025-24520 1 Intel 1 Local Manageability Service 2026-04-15 3.3 Low
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-43990 1 Stylemixthemes 1 Masterstudy Lms 2026-04-15 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.
CVE-2024-58269 1 Suse 1 Rancher 2026-04-15 4.3 Medium
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.
CVE-2025-11504 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently use that to perform actions on the site like creating new posts and injecting XSS payloads.
CVE-2025-42935 1 Sap 5 Abap Platform, As Abap, Netweaver and 2 more 2026-04-15 4.1 Medium
The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.
CVE-2026-4788 1 Ibm 3 Tivoli Netcool/impact, Tivoli Netcool\/impact, Tivoli Netcool Impact 2026-04-14 8.4 High
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
CVE-2026-28261 1 Dell 2 Elastic Cloud Storage, Objectscale 2026-04-14 7.8 High
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.
CVE-2026-34487 1 Apache 1 Tomcat 2026-04-14 7.5 High
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
CVE-2019-25683 1 Filezilla-project 3 Filezilla, Filezilla Client, Filezilla Server 2026-04-10 6.2 Medium
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
CVE-2024-13818 1 Genetechsolutions 1 Pie Register 2026-04-08 5.3 Medium
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
CVE-2024-2302 2 Awesomemotive, Easydigitaldownloads 2 Easy Digital Downloads, Easy Digital Downloads 2026-04-08 5.3 Medium
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.
CVE-2024-6687 1 Thisfunctional 1 Ctt Expresso Para Woocommerce 2026-04-08 5.3 Medium
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses
CVE-2025-6391 1 Broadcom 1 Brocade Active Support Connectivity Gateway 2026-04-06 9.1 Critical
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
CVE-2026-4819 2 Floragunn, Search-guard 2 Search Guard Flx, Flx 2026-04-03 4.9 Medium
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.