ReportizFlow
Filtered by vendor
Subscriptions
Total
1088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21316 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-13 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-25002 | 1 Microsoft | 1 Azure Local Cluster | 2026-02-13 | 6.8 Medium |
| Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | ||||
| CVE-2025-66411 | 1 Coder | 1 Coder | 2026-02-13 | 7.8 High |
| Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4. | ||||
| CVE-2026-20663 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-02-13 | 3.3 Low |
| The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2026-1495 | 1 Aveva | 1 Pi To Connect Agent | 2026-02-12 | 6.5 Medium |
| The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server. | ||||
| CVE-2025-15332 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.9 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2026-22782 | 1 Rustfs | 1 Rustfs | 2026-02-09 | 7.5 High |
| RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers and enables forged RPC calls. In crates/ecstore/src/rpc/http_auth.rs, the invalid signature branch logs sensitive data. This log line includes secret and expected_signature, both derived from the shared HMAC key. Any invalidly signed request triggers this path. The function is reachable from RPC and admin request handlers. This vulnerability is fixed in 1.0.0-alpha.80. | ||||
| CVE-2026-25211 | 1 Llamastack | 1 Llama Stack | 2026-02-04 | 3.2 Low |
| Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. | ||||
| CVE-2026-1622 | 1 Neo4j | 2 Community Edition, Enterprise Edition | 2026-02-04 | 5.5 Medium |
| Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access. We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had db.logs.query.obfuscate_literals enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j. | ||||
| CVE-2026-0519 | 1 Absolute | 1 Secure Access | 2026-02-02 | 3.4 Low |
| In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system. | ||||
| CVE-2025-6391 | 1 Brocade | 1 Ascg | 2026-02-02 | 9.8 Critical |
| Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. | ||||
| CVE-2025-13743 | 1 Docker | 1 Docker Desktop | 2026-01-30 | 7.5 High |
| Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred. | ||||
| CVE-2025-13925 | 1 Ibm | 1 Aspera Console | 2026-01-30 | 4.9 Medium |
| IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
| CVE-2026-0936 | 1 Br-automation | 1 Process Visualization Interface | 2026-01-30 | 5 Medium |
| An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user. | ||||
| CVE-2025-58189 | 1 Golang | 2 Crypto, Go | 2026-01-29 | 5.3 Medium |
| When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | ||||
| CVE-2025-59355 | 1 Apache | 1 Linkis | 2026-01-28 | 6.5 Medium |
| A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will be left in the log files when decoding fails, resulting in information leakage. Affected Scope Component: Sensitive fields in hive-site.xml (e.g., javax.jdo.option.ConnectionPassword) or other fields encoded in Base64. Version: Apache Linkis 1.0.0 – 1.7.0 Trigger Conditions The value of the configuration item is an invalid Base64 string. Log files are readable by users other than hive-site.xml administrators. Severity: Low The probability of Base64 decoding failure is low. The leakage is only triggered when logs at the Error level are exposed. Remediation Apache Linkis 1.8.0 and later versions have replaced the log with desensitized content. logger.error("URL decode failed: {}", e.getMessage()); // 不再输出 str Users are recommended to upgrade to version 1.8.0, which fixes the issue. | ||||
| CVE-2025-43508 | 1 Apple | 2 Macos, Macos Tahoe | 2026-01-27 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2024-39532 | 2 Juniper, Juniper Networks | 4 Junos, Junos Os Evolved, Junos Os and 1 more | 2026-01-23 | 6.3 Medium |
| An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO. | ||||
| CVE-2026-23493 | 1 Pimcore | 1 Pimcore | 2026-01-21 | 8.6 High |
| Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14. | ||||
| CVE-2025-36599 | 1 Dell | 1 Powerflex Manager | 2026-01-16 | 4.3 Medium |
| Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account. | ||||