ReportizFlow
Filtered by vendor
Subscriptions
Total
1119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48493 | 1 Yiiframework | 1 Yii2-redis | 2025-09-18 | 6.5 Medium |
| The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue. | ||||
| CVE-2024-47094 | 1 Checkmk | 1 Checkmk | 2025-09-11 | 5.5 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | ||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2025-09-04 | 6.5 Medium |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | ||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-09-01 | 5.5 Medium |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | ||||
| CVE-2024-7577 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 4.4 Medium |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | ||||
| CVE-2022-31674 | 1 Vmware | 1 Vrealize Operations | 2025-08-27 | 4.3 Medium |
| VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | ||||
| CVE-2025-6392 | 1 Broadcom | 1 Brocade Sannav | 2025-08-27 | 4.4 Medium |
| Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
| CVE-2024-55891 | 1 Typo3 | 1 Typo3 | 2025-08-26 | 3.1 Low |
| TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-36050 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-08-26 | 6.2 Medium |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2025-2092 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 7.5 High |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | ||||
| CVE-2025-27496 | 1 Snowflake | 1 Snowflake Jdbc | 2025-08-22 | 3.3 Low |
| Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1. | ||||
| CVE-2023-40694 | 2 Ibm, Redhat | 2 Watson Cp4d Data Stores, Openshift | 2025-08-20 | 6.2 Medium |
| IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | ||||
| CVE-2025-38745 | 1 Dell | 1 Openmanage Enterprise | 2025-08-19 | 4.8 Medium |
| Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2024-45674 | 1 Ibm | 4 Security Verify Bridge, Security Verify Bridge Directory Sync, Security Verify Gateway For Radius and 1 more | 2025-08-18 | 3.3 Low |
| IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2023-43043 | 1 Ibm | 2 Enterprise Asset Management, Maximo Mobile For Eam | 2025-08-15 | 5.1 Medium |
| IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. | ||||
| CVE-2023-38271 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 4.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | ||||
| CVE-2025-52893 | 1 Openbao | 1 Openbao | 2025-08-12 | 4.5 Medium |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients. | ||||
| CVE-2024-7586 | 1 Gitlab | 1 Gitlab | 2025-08-12 | 4.1 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials. | ||||
| CVE-2024-2877 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-08-08 | 5.5 Medium |
| Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. | ||||
| CVE-2023-46175 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2025-08-08 | 4.4 Medium |
| IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | ||||