Total
1018 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48493 | 1 Yiiframework | 1 Yii2-redis | 2025-09-18 | 6.5 Medium |
| The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue. | ||||
| CVE-2025-4234 | 3 Microsoft, Palo Alto, Paloaltonetworks | 5 365, Networks, Cortex Xdr and 2 more | 2025-09-15 | N/A |
| A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs. | ||||
| CVE-2024-47094 | 1 Checkmk | 1 Checkmk | 2025-09-11 | 5.5 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | ||||
| CVE-2024-51752 | 1 Workos | 1 Authkit | 2025-09-10 | 5.5 Medium |
| The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-21323 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21317 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21321 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21320 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21319 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21318 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21316 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-23261 | 1 Nvidia | 2 Cumulus Linux, Nvs | 2025-09-05 | 5.5 Medium |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. | ||||
| CVE-2025-7445 | 1 Kubernetes | 1 Kubernetes | 2025-09-05 | 6.5 Medium |
| Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs. | ||||
| CVE-2025-8663 | 1 Upkeeper | 1 Upkeeper Manager | 2025-09-04 | N/A |
| Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12. | ||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2025-09-04 | 6.5 Medium |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | ||||
| CVE-2025-36133 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-09-02 | 5.9 Medium |
| IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container. | ||||
| CVE-2025-41690 | 1 Endress+hauser | 1 Proline 10 | 2025-09-02 | 7.4 High |
| A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters. | ||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-09-01 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | ||||
| CVE-2024-7577 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 4.4 Medium |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | ||||
| CVE-2025-0736 | 1 Redhat | 1 Jboss Data Grid | 2025-08-30 | 5.5 Medium |
| A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors. | ||||