Total
1010 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28154 | 1 Jenkins | 1 Mq Notifier | 2025-03-27 | N/A | 6.5 MEDIUM |
| Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. | |||||
| CVE-2025-30205 | 2025-03-27 | N/A | 7.6 HIGH | ||
| kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the (optional) kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system log. This only impacts users which both use the provided patches and provision their `admin` or `idm_admin` account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag `v1.2.0` or higher. As a workaround, the user can set the log level `KANIDM_LOG_LEVEL` to any level higher than `info`, for example `warn`. | |||||
| CVE-2021-36544 | 1 Tpcms Project | 1 Tpcms | 2025-03-26 | N/A | 7.5 HIGH |
| Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | |||||
| CVE-2024-40598 | 1 Mediawiki | 1 Mediawiki | 2025-03-25 | N/A | 4.3 MEDIUM |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.) | |||||
| CVE-2023-22362 | 1 Akindo-sushiro | 5 Hong Kong Sushiro, Singapore Sushiro, Sushiro and 2 more | 2025-03-21 | N/A | 7.5 HIGH |
| SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1 | |||||
| CVE-2024-54519 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to read sensitive location information. | |||||
| CVE-2024-40596 | 1 Mediawiki | 1 Mediawiki | 2025-03-18 | N/A | 4.3 MEDIUM |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.) | |||||
| CVE-2025-0495 | 2025-03-17 | N/A | N/A | ||
| Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication. | |||||
| CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-17 | N/A | 5.5 MEDIUM |
| An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | |||||
| CVE-2024-57957 | 1 Huawei | 1 Harmonyos | 2025-03-17 | N/A | 6.6 MEDIUM |
| Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | N/A | 5.5 MEDIUM |
| Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | |||||
| CVE-2024-42056 | 1 Retool | 1 Retool | 2025-03-13 | N/A | 6.5 MEDIUM |
| Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1. | |||||
| CVE-2024-38460 | 1 Sonarsource | 1 Sonarqube | 2025-03-13 | N/A | 4.9 MEDIUM |
| In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc). | |||||
| CVE-2025-2002 | 2025-03-12 | N/A | 6.0 MEDIUM | ||
| CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. | |||||
| CVE-2025-0736 | 2025-03-12 | N/A | 5.5 MEDIUM | ||
| A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors. | |||||
| CVE-2023-23505 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-11 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts. | |||||
| CVE-2023-46171 | 1 Ibm | 2 Ds8900f, Ds8900f Firmware | 2025-03-11 | N/A | 4.3 MEDIUM |
| IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408. | |||||
| CVE-2025-0071 | 2025-03-11 | N/A | 4.9 MEDIUM | ||
| SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. | |||||
| CVE-2025-1296 | 2025-03-10 | N/A | 6.5 MEDIUM | ||
| Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. | |||||
| CVE-2025-1979 | 2025-03-06 | N/A | 6.4 MEDIUM | ||
| Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password. | |||||