Total
1043 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9453 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift Developer Tools And Services | 2025-12-12 | 6.5 Medium |
| A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. | ||||
| CVE-2025-59203 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-11 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59197 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-11 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-47979 | 1 Microsoft | 6 Windows, Windows Server, Windows Server 2022 and 3 more | 2025-12-11 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59258 | 1 Microsoft | 11 Active Directory Federation Services, Windows, Windows Server and 8 more | 2025-12-11 | 6.2 Medium |
| Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2024-51752 | 1 Workos | 1 Authkit-nextjs | 2025-12-11 | 5.5 Medium |
| The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-13611 | 1 Gitlab | 1 Gitlab | 2025-12-10 | 2 Low |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. | ||||
| CVE-2024-47570 | 1 Fortinet | 5 Fortios, Fortipam, Fortiproxy and 2 more | 2025-12-10 | 6.3 Medium |
| An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration). | ||||
| CVE-2025-64650 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-12-10 | 6.5 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files. | ||||
| CVE-2025-62209 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1507 and 21 more | 2025-12-09 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-62208 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-09 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | ||||
| CVE-2020-36876 | 1 Request Serious Play | 2 Request Serious Play, Request Serious Play Pro | 2025-12-08 | N/A |
| ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page. | ||||
| CVE-2025-12940 | 1 Netgear | 4 Wax610, Wax610 Firmware, Wax610y and 1 more | 2025-12-08 | 5.5 Medium |
| Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later. | ||||
| CVE-2025-66411 | 1 Coder | 1 Coder | 2025-12-04 | 7.8 High |
| Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4. | ||||
| CVE-2025-11446 | 1 Upkeeper | 1 Upkeeper Manager | 2025-12-02 | 6.5 Medium |
| Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12. | ||||
| CVE-2025-43423 | 1 Apple | 6 Ios, Ipad Os, Ipados and 3 more | 2025-12-01 | 2 Low |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging. | ||||
| CVE-2025-20329 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2025-12-01 | 4.9 Medium |
| A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials. | ||||
| CVE-2025-20373 | 1 Splunk | 1 Splunk | 2025-12-01 | 2.7 Low |
| In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) in the Splunk documentation for more information. | ||||
| CVE-2024-23686 | 1 Owasp | 1 Dependency-check | 2025-11-29 | 5.3 Medium |
| DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | ||||
| CVE-2025-34183 | 1 Ilevia | 2 Eve X1 Server, Eve X1 Server Firmware | 2025-11-28 | 7.5 High |
| Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse. | ||||