CWE-532

Total CVEs: 208
Critical: 12
High: 76
Avg CVSS: 6.4
In CISA KEV: 1

Yearly Trend

2026: 29
2025: 79
2024: 59
2023: 18
2022: 11

Top Affected Vendors

1. Apple (14)
2. Dell (13)
3. IBM (13)
4. Microsoft (11)
5. Elastic (6)
6. Apache (6)
7. Broadcom (5)
8. Splunk (5)
9. JetBrains (3)
10. Fortinet (3)

All CWE-532 CVEs (208)

CVE-2022-36407
9.9

This vulnerability allows local users to gain sensitive information through insertion of sensitive data into log files in multiple Hitachi Virtual Sto...

Mar 25, 2024
CVE-2021-32724
9.9

CVE-2021-32724 is a critical vulnerability in the check-spelling GitHub Action that allows attackers to steal GITHUB_TOKEN secrets via crafted pull re...

Sep 9, 2021
CVE-2026-22778
9.8

This vulnerability in vLLM allows attackers to leak heap memory addresses by sending invalid images to the multimodal endpoint, which reduces ASLR ent...

Feb 2, 2026
CVE-2025-11008
9.8

The CE21 Suite WordPress plugin exposes sensitive authentication credentials in log files, allowing unauthenticated attackers to steal login credentia...

Nov 4, 2025
CVE-2025-6391
9.8

Brocade ASCG versions before 3.3.0 log JSON Web Tokens (JWT) in plain text within log files. Attackers with access to these logs can extract unencrypt...

Jul 17, 2025
CVE-2024-52009
9.8

CVE-2024-52009 is a critical vulnerability in Atlantis that logs GitHub access tokens during rotation, exposing them to anyone with log read access. T...

Nov 8, 2024
CVE-2024-34706
9.8

This vulnerability exposes user access tokens (JWTs) to the api.form.io domain when opening forms in Valtimo, allowing attackers to steal tokens and i...

May 14, 2024
CVE-2021-37759
9.8

This vulnerability allows attackers to steal session IDs from Graylog DEBUG log files, enabling them to impersonate legitimate users and gain their ac...

Jul 31, 2021
CVE-2023-36649
9.1

CVE-2023-36649 allows attackers to obtain JWT tokens from Grafana logs or Loki REST API in ProLion CryptoSpike 3.0.15P2. With these tokens, attackers ...

Dec 12, 2023
CVE-2023-31422
9.0

Kibana 8.10.0 logs sensitive information like authentication credentials, cookies, and authorization headers in error logs when configured with JSON l...

Oct 26, 2023
CVE-2023-32478
9.0

Dell PowerStore storage systems prior to version 3.5.0.1 write sensitive information to log files. A malicious high-privileged user could exploit this...

Jul 21, 2023
CVE-2022-31098
9.0

This vulnerability in Weave GitOps allows authenticated remote attackers to view sensitive Kubernetes cluster configurations and service account token...

Jun 27, 2022
CVE-2025-30105
8.8

Dell XtremIO version 6.4.0-22 logs sensitive information like credentials in log files. A low-privileged attacker with local access can read these log...

Jul 30, 2025
CVE-2024-27784
8.8

This vulnerability allows authenticated remote attackers to access sensitive information from API endpoints or log files in Fortinet FortiAIOps. Attac...

Jul 9, 2024
CVE-2021-21601
8.8

Dell EMC Data Protection Search and IDPA contain an information exposure vulnerability where sensitive user credentials are logged in plain text. A lo...

Aug 10, 2021
CVE-2026-23493
8.6

Pimcore versions before 12.3.1 and 11.5.14 store sensitive information like database passwords and session cookies in the http_error_log file, which c...

Jan 15, 2026
CVE-2024-29959
8.6

This vulnerability in Brocade SANnav management software exposes encrypted switch passwords in support save files from standby nodes. Attackers with a...

Apr 19, 2024
CVE-2024-42407
8.5

This vulnerability in Gallagher Command Centre's Alarm Transmitter feature allows authenticated operators to view sensitive security information they ...

Dec 12, 2024
CVE-2023-46672
8.4

CVE-2023-46672 is a Logstash vulnerability where sensitive information from the keystore can be exposed in JSON-formatted logs when referenced as vari...

Nov 15, 2023
CVE-2024-43444
8.2

This vulnerability exposes agent and customer passwords in plain text within OTRS admin logs when specific authentication source configurations align ...

Aug 26, 2024
CVE-2023-46230
8.2

Splunk Add-on Builder versions below 4.1.4 write sensitive information like credentials and API keys to internal log files. This vulnerability allows ...

Jan 30, 2024
CVE-2021-21558
8.2

CVE-2021-21558 is an information disclosure vulnerability in Dell EMC NetWorker backup software where local administrators can read LDAP credentials f...

Jun 8, 2021
CVE-2026-22038
8.1

AutoGPT versions before beta-v0.6.46 log API keys and authentication secrets in plaintext when using Stagehand integration blocks. This exposes sensit...

Feb 4, 2026
CVE-2023-6746
8.1

CVE-2023-6746 is an information disclosure vulnerability in GitHub Enterprise Server where sensitive data is logged, potentially enabling man-in-the-m...

Dec 21, 2023
CVE-2023-46667
8.1

Fleet Server versions 8.10.0 through 8.10.2 log agent enrollment tokens in plain text, allowing attackers who access logs to enroll unauthorized agent...

Oct 26, 2023
CVE-2021-36278
8.1

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 expose sensitive information in log files. Local users with specific privileges (ISI_PR...

Aug 16, 2021
CVE-2025-23374
8.0

Dell Networking Switches running Enterprise SONiC OS versions before 4.4.1 and 4.2.3 have a vulnerability where sensitive information can be inserted ...

Jan 30, 2025
CVE-2023-46671
8.0

This vulnerability in Kibana logs sensitive credentials like kibana_system user passwords, API keys, and end-user credentials when specific errors occ...

Dec 13, 2023
CVE-2024-25959
7.9

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x log sensitive information that could be accessed by local low-privileged users. This vulnerabil...

Mar 28, 2024
CVE-2025-11547
7.8

CVE-2025-11547 is a privilege escalation vulnerability in AXIS Camera Station Pro that allows authenticated non-admin users to gain administrative pri...

Feb 10, 2026
CVE-2025-66411
7.8

CVE-2025-66411 is an information disclosure vulnerability in Coder where sensitive values in Workspace Agent manifests were logged in plaintext withou...

Dec 3, 2025
CVE-2025-34188
7.8

This vulnerability allows local users to extract authentication session tokens from cleartext log files in Vasion Print (formerly PrinterLogic) deploy...

Sep 19, 2025
CVE-2023-22572
7.8

Dell PowerScale OneFS versions 9.1.0.x through 9.4.0.x log sensitive information (likely passwords) when users change passwords via the API. A local a...

Feb 1, 2023
CVE-2021-36289
7.8

Dell VNX2 OE for File versions 8.1.21.266 and earlier contain a sensitive information disclosure vulnerability that allows local malicious users to re...

Jan 25, 2022
CVE-2021-36340
7.8

Dell EMC Secure Connect Gateway (SCG) versions 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user...

Nov 20, 2021
CVE-2021-1442
7.8

This vulnerability allows authenticated local attackers with low privileges to escalate to Administrator level (level 15) on Cisco IOS XE devices. Att...

Mar 24, 2021
CVE-2025-31213
7.6

This CVE describes a logging vulnerability in Apple's iCloud Keychain where sensitive data (usernames and associated websites) was not properly redact...

May 12, 2025
CVE-2025-30205
7.6

A vulnerability in kanidm-provision versions before 1.2.0 causes admin credentials to be leaked to system logs when using optional patches to provisio...

Mar 24, 2025
CVE-2026-25813
7.5

PlaciPy placement management system logs sensitive data to console output without redaction in version 1.0.0. This allows attackers with access to con...

Feb 9, 2026
CVE-2026-24762
7.5

RustFS versions alpha.13 through alpha.81 log sensitive AWS credentials (access keys, secret keys, session tokens) in plaintext at INFO level. This al...

Feb 3, 2026
CVE-2026-22782
7.5

RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79 log the shared HMAC secret when invalid RPC signatures are received. This exposes the secret to a...

Jan 16, 2026
CVE-2025-68675
7.5

Apache Airflow versions before 3.1.6 expose proxy credentials in logs when connections contain proxy URLs with embedded authentication. This allows at...

Jan 16, 2026
CVE-2025-14437
7.5

The Hummingbird Performance WordPress plugin exposes sensitive information including Cloudflare API credentials to unauthenticated attackers via the '...

Dec 18, 2025
CVE-2025-13743
7.5

Docker Desktop diagnostics bundles inadvertently include expired Personal Access Tokens (PATs) in log output due to error object serialization issues....

Dec 9, 2025
CVE-2025-62232
7.5

This vulnerability in Apache APISIX exposes basic authentication credentials (usernames and passwords) in plaintext within error logs when log levels ...

Oct 31, 2025
CVE-2025-11504
7.5

The Quickcreator WordPress plugin exposes API keys through an accessible text file, allowing unauthenticated attackers to obtain credentials and perfo...

Oct 24, 2025
CVE-2025-62513
7.5

OpenBao versions 2.2.0 to 2.4.1 have an audit log regression where raw HTTP bodies for certain endpoints aren't properly redacted. This leaks ACME ver...

Oct 22, 2025
CVE-2025-34183
7.5

This vulnerability allows unauthenticated remote attackers to retrieve plaintext credentials from exposed log files in Ilevia EVE X1 Server. It enable...

Sep 16, 2025
CVE-2025-2092
7.5

This vulnerability causes Checkmk to write remote site authentication secrets to log files accessible to administrators. Attackers with access to thes...

Apr 22, 2025
CVE-2025-1075
7.5

This vulnerability in Checkmk monitoring software causes LDAP authentication credentials to be written to Apache error log files. Administrators with ...

Feb 19, 2025

About CWE-532

Our database tracks 208 CVEs classified as CWE-532, with 12 rated critical and 76 rated high severity. The average CVSS score for CWE-532 vulnerabilities is 6.4.

External reference: CWE-532 on MITRE CWE
