Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39532 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-22 | N/A | 6.3 MEDIUM |
| An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO. | |||||
| CVE-2026-23493 | 1 Pimcore | 1 Pimcore | 2026-01-20 | N/A | 8.6 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14. | |||||
| CVE-2025-36599 | 1 Dell | 1 Powerflex Manager | 2026-01-16 | N/A | 4.3 MEDIUM |
| Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account. | |||||
| CVE-2025-25002 | 1 Microsoft | 1 Azure Local Cluster | 2026-01-16 | N/A | 6.8 MEDIUM |
| Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | |||||
| CVE-2026-20818 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-01-14 | N/A | 6.2 MEDIUM |
| Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-26332 | 1 Dell | 3 Techadvisor, Xtremio Management Server, Xtremio X2 | 2026-01-14 | N/A | 8.8 HIGH |
| TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-30105 | 1 Dell | 3 Techadvisor, Xtremio Management Server, Xtremio X2 | 2026-01-14 | N/A | 8.8 HIGH |
| Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2025-36573 | 1 Dell | 4 Pro Smart Dock Sd25, Pro Smart Dock Sd25 Firmware, Pro Thunderbolt 4 Smart Dock Sd25tb4 and 1 more | 2026-01-13 | N/A | 7.1 HIGH |
| Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-27784 | 1 Fortinet | 1 Fortiaiops | 2026-01-09 | N/A | 8.8 HIGH |
| Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | |||||
| CVE-2025-14010 | 1 Redhat | 1 Community.general | 2026-01-02 | N/A | 5.5 MEDIUM |
| A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access. | |||||
| CVE-2025-66910 | 1 Turms-im | 1 Turms | 2026-01-02 | N/A | 6.0 MEDIUM |
| Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection. | |||||
| CVE-2025-63729 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2025-12-30 | N/A | 9.0 CRITICAL |
| An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder. | |||||
| CVE-2024-6060 | 2025-12-30 | N/A | N/A | ||
| An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. | |||||
| CVE-2025-68919 | 2025-12-29 | N/A | 5.6 MEDIUM | ||
| Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability. | |||||
| CVE-2025-37727 | 1 Elastic | 1 Elasticsearch | 2025-12-23 | N/A | 5.7 MEDIUM |
| Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex | |||||
| CVE-2025-12996 | 1 Medtronic | 1 Carelink Network | 2025-12-22 | N/A | 4.1 MEDIUM |
| Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025. | |||||
| CVE-2025-10221 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-12-19 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | |||||
| CVE-2025-43475 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-18 | N/A | 5.5 MEDIUM |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. | |||||
| CVE-2025-46277 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-12-18 | N/A | 3.3 LOW |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user’s Safari history. | |||||
| CVE-2025-14432 | 1 Hp | 18 Poly Eagleeye Cube, Poly Eagleeye Iv, Poly Studio A2 and 15 more | 2025-12-18 | N/A | 4.9 MEDIUM |
| In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI. | |||||