Total
810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-38745 | 1 Dell | 1 Openmanage Enterprise | 2025-08-19 | N/A | 6.5 MEDIUM |
| Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2024-9453 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Developer Tools And Services | 2025-08-18 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. | |||||
| CVE-2025-55285 | 2025-08-15 | N/A | N/A | ||
| @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed through to fetch:template there is no impact. This issue has been resolved in 2.1.1 of the scaffolder-backend plugin. A workaround for this issue involves Template Authors removing the use of ${{ secrets }} being used as an argument to fetch:template. | |||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | |||||
| CVE-2023-38271 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | N/A | 6.5 MEDIUM |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | |||||
| CVE-2025-52893 | 1 Openbao | 1 Openbao | 2025-08-12 | N/A | N/A |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients. | |||||
| CVE-2025-24520 | 2025-08-12 | N/A | N/A | ||
| Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2024-7586 | 1 Gitlab | 1 Gitlab | 2025-08-12 | N/A | 7.5 HIGH |
| An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials. | |||||
| CVE-2025-42935 | 2025-08-12 | N/A | 4.1 MEDIUM | ||
| The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability. | |||||
| CVE-2025-50200 | 1 Broadcom | 1 Rabbitmq Server | 2025-08-06 | N/A | 5.5 MEDIUM |
| RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8. | |||||
| CVE-2025-30483 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2025-08-02 | N/A | N/A |
| Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2025-54781 | 2025-08-02 | N/A | N/A | ||
| Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled. | |||||
| CVE-2025-23289 | 2025-07-31 | N/A | N/A | ||
| NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-46809 | 2025-07-31 | N/A | N/A | ||
| A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2. | |||||
| CVE-2025-26332 | 2025-07-30 | N/A | N/A | ||
| TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-30105 | 2025-07-30 | N/A | N/A | ||
| Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-53649 | 2025-07-29 | N/A | N/A | ||
| "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs. | |||||
| CVE-2025-36050 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | N/A | 6.2 MEDIUM |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2024-40585 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-07-23 | N/A | N/A |
| An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log. | |||||
| CVE-2022-20630 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. | |||||