Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62879 | 1 Suse | 1 Rancher Backup And Restore Operator | 2026-03-05 | N/A | 6.8 MEDIUM |
| A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. | |||||
| CVE-2026-1265 | 1 Ibm | 1 Infosphere Information Server | 2026-03-04 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file. | |||||
| CVE-2026-25918 | 1 Rageagainstthepixel | 1 Unity-cli | 2026-02-28 | N/A | 5.5 MEDIUM |
| unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2. | |||||
| CVE-2026-1292 | 1 Tanium | 1 Trends | 2026-02-27 | N/A | 6.5 MEDIUM |
| Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. | |||||
| CVE-2026-2350 | 1 Tanium | 1 Interact | 2026-02-27 | N/A | 6.5 MEDIUM |
| Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS. | |||||
| CVE-2025-0976 | 3 Hitachi, Linux, Microsoft | 4 Configuration Manager, Ops Center Api Configuration Manager, Linux Kernel and 1 more | 2026-02-27 | N/A | 4.7 MEDIUM |
| Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00. | |||||
| CVE-2025-5781 | 3 Hitachi, Linux, Microsoft | 5 Configuration Manager, Device Manager, Ops Center Api Configuration Manager and 2 more | 2026-02-27 | N/A | 5.2 MEDIUM |
| Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00. | |||||
| CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2026-02-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | |||||
| CVE-2025-68675 | 1 Apache | 1 Airflow | 2026-02-24 | N/A | 7.5 HIGH |
| In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue | |||||
| CVE-2026-22778 | 1 Vllm | 1 Vllm | 2026-02-23 | N/A | 9.8 CRITICAL |
| vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1. | |||||
| CVE-2026-24762 | 1 Rustfs | 1 Rustfs | 2026-02-23 | N/A | 7.5 HIGH |
| RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82. | |||||
| CVE-2026-20142 | 1 Splunk | 1 Splunk | 2026-02-23 | N/A | 6.8 MEDIUM |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the RSA `accessKey` value from the [<u>Authentication.conf</u> ](https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/10.2/configuration-file-reference/10.2.0-configuration-file-reference/authentication.conf)file, in plain text. | |||||
| CVE-2026-20144 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-02-23 | N/A | 6.8 MEDIUM |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured. | |||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.4 MEDIUM |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | |||||
| CVE-2021-41808 | 1 M-files | 1 M-files Server | 2026-02-23 | 1.9 LOW | 2.0 LOW |
| In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default. | |||||
| CVE-2026-2605 | 1 Tanium | 1 Tanos | 2026-02-20 | N/A | 5.3 MEDIUM |
| Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. | |||||
| CVE-2024-25959 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 7.9 HIGH |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. | |||||
| CVE-2023-32491 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2026-20138 | 1 Splunk | 1 Splunk | 2026-02-20 | N/A | 6.8 MEDIUM |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com/docs/splunk), in plain text. | |||||
| CVE-2026-25846 | 1 Jetbrains | 1 Youtrack | 2026-02-18 | N/A | 6.5 MEDIUM |
| In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs | |||||