Total
979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2025-05-02 | 6.5 Medium |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | ||||
| CVE-2021-44862 | 1 Netskope | 1 Netskope | 2025-05-02 | 8.4 High |
| Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. | ||||
| CVE-2022-3191 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2025-05-02 | 6.6 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00 | ||||
| CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2025-05-02 | 4.2 Medium |
| The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | ||||
| CVE-2024-23758 | 1 Unisys | 1 Stealth | 2025-05-02 | 7.5 High |
| An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. | ||||
| CVE-2025-3911 | 1 Docker | 1 Docker Desktop | 2025-05-02 | N/A |
| Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user. | ||||
| CVE-2022-39893 | 1 Samsung | 1 Galaxy Buds Pro Manage | 2025-05-01 | 3.3 Low |
| Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | ||||
| CVE-2023-43261 | 1 Milesight | 12 Ur32, Ur32 Firmware, Ur32l and 9 more | 2025-05-01 | 7.5 High |
| An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | ||||
| CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 5.5 Medium |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2025-04-30 | 4.2 Medium |
| Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | ||||
| CVE-2022-43673 | 1 Wire | 1 Wire | 2025-04-30 | 4.7 Medium |
| Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. | ||||
| CVE-2022-27895 | 1 Palantir | 1 Foundry Build2 | 2025-04-29 | 4.2 Medium |
| Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. | ||||
| CVE-2025-46614 | 2025-04-29 | 3.3 Low | ||
| In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. | ||||
| CVE-2022-35719 | 1 Ibm | 1 Mq Internet Pass-thru | 2025-04-25 | 5.1 Medium |
| IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | ||||
| CVE-2022-2721 | 1 Octopus | 1 Octopus Server | 2025-04-25 | 7.5 High |
| In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | ||||
| CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2025-04-24 | 6.2 Medium |
| Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | ||||
| CVE-2022-24757 | 1 Jupyter | 1 Jupyter Server | 2025-04-23 | 7.5 High |
| The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds. | ||||
| CVE-2022-24758 | 1 Jupyter | 1 Notebook | 2025-04-23 | 7.5 High |
| The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds. | ||||
| CVE-2022-24875 | 1 Cve | 1 Cve-services | 2025-04-23 | 5.3 Medium |
| The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent versions of the software. Users of the software are advised to manually apply the `46d98f2b` commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate. | ||||
| CVE-2022-31047 | 1 Typo3 | 1 Typo3 | 2025-04-23 | 5.3 Medium |
| TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | ||||