CWE-532

Total CVEs: 207
Critical: 12
High: 75
Avg CVSS: 6.4
In CISA KEV: 1

Yearly Trend

2026: 29
2025: 79
2024: 59
2023: 18
2022: 11

Top Affected Vendors

1. Apple: 14
2. Dell: 13
3. IBM: 13
4. Microsoft: 11
5. Elastic: 6
6. Apache: 6
7. Broadcom: 5
8. Splunk: 5
9. JetBrains: 3
10. Fortinet: 3

All CWE-532 CVEs (207)

CVE-2025-24169
7.5

This vulnerability allows malicious applications to bypass browser extension authentication in Safari by exploiting a logging issue that exposes sensi...

Jan 27, 2025
CVE-2024-8609
7.5

ValeApp versions before 2.0.0 write sensitive information to log files, potentially exposing credentials, tokens, or other confidential data. This aff...

Sep 27, 2024
CVE-2024-34559
7.5

This vulnerability in the Ghost Foundation Ghost WordPress plugin allows sensitive information to be written to log files, potentially exposing creden...

May 14, 2024
CVE-2024-34527
7.5

SolidUI 0.4.0 contains a debug print statement that exposes OpenAI API keys in application logs. This allows anyone with access to logs to steal sensi...

May 6, 2024
CVE-2024-33637
7.5

The Solid Affiliate WordPress plugin versions up to 1.9.1 write sensitive information to log files that could be accessed by unauthorized users. This ...

Apr 29, 2024
CVE-2024-32825
7.5

The Simply Static WordPress plugin versions up to 3.1.3 write sensitive information to log files that could be accessed by unauthorized users. This vu...

Apr 24, 2024
CVE-2024-29957
7.5

Brocade SANnav servers configured in Disaster Recovery mode store encryption keys in DR log files, creating an additional attack surface. Attackers wh...

Apr 19, 2024
CVE-2024-31259
7.5

The SearchIQ WordPress plugin versions up to 4.5 write sensitive information to log files, potentially exposing credentials or other private data. Thi...

Apr 10, 2024
CVE-2023-44989
7.5

This vulnerability in the CF7 Google Sheets Connector WordPress plugin allows sensitive information to be written to debug log files. Attackers can po...

Mar 26, 2024
CVE-2024-23758
7.5

This vulnerability in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information stored in the EnterpriseManagementInstaller_msi.log file...

Feb 20, 2024
CVE-2023-47131
7.5

The N-able PassPortal Chrome extension before version 3.29.2 writes sensitive information to log files, potentially exposing credentials or other conf...

Feb 8, 2024
CVE-2023-6064
7.5

The PayHere Payment Gateway WordPress plugin before version 2.2.12 automatically creates publicly accessible log files containing sensitive transactio...

Jan 1, 2024
CVE-2023-47390
7.5

Headscale versions through 0.22.3 write bearer tokens to info-level logs, exposing authentication credentials. This affects all Headscale deployments ...

Nov 11, 2023
CVE-2023-46215
7.5

Apache Airflow and its Celery provider versions 1.10.0-2.6.3 and 3.3.0-3.4.0 log sensitive information in clear text when using rediss, amqp, or rpc p...

Oct 28, 2023
CVE-2023-5499
7.5

This vulnerability allows remote attackers to access sensitive information from Shenzhen Reachfar v28 devices by retrieving log files from the 'log2' ...

Oct 10, 2023
CVE-2023-35695
7.5

This vulnerability allows remote attackers to download log files containing sensitive information from Trend Micro Mobile Security (Enterprise). Attac...

Jun 26, 2023
CVE-2023-22362
7.5

The SUSHIRO Android app logs sensitive credential information to device log files, allowing attackers with physical or remote access to the device to ...

Feb 13, 2023
CVE-2021-36544
7.5

CVE-2021-36544 is an incorrect access control vulnerability in tpcms 3.2 that allows remote attackers to view sensitive information by manipulating pa...

Feb 3, 2023
CVE-2022-32556
7.5

CVE-2022-32556 is a sensitive information disclosure vulnerability in Couchbase Server where private keys are written to log files during certain cras...

Jul 21, 2022
CVE-2022-32565
7.5

CVE-2022-32565 is an information disclosure vulnerability in Couchbase Server where the Backup Service logs contain unredacted usernames and document ...

Jun 13, 2022
CVE-2022-27442
7.5

CVE-2022-27442 allows attackers to access ThinkPHP log directories in TPCMS v3.2, potentially exposing administrator credentials and other sensitive i...

Apr 4, 2022
CVE-2022-24758
7.5

This vulnerability in Jupyter Notebook allows unauthorized actors to access sensitive authentication cookies and header values from server logs when 5...

Mar 31, 2022
CVE-2022-27192
7.5

CVE-2022-27192 is an information disclosure vulnerability in the Reporting module of Aseco Lietuva's DVS Avilys document management system. It allows ...

Mar 23, 2022
CVE-2022-24757
7.5

CVE-2022-24757 allows unauthorized actors to access sensitive authentication information from Jupyter Server logs when 5xx errors occur. This affects ...

Mar 23, 2022
CVE-2022-25374
7.5

HashiCorp Terraform Enterprise versions v202112-1 through v202201-2 log inbound HTTP requests in a way that may capture sensitive data like credential...

Feb 25, 2022
CVE-2021-34797
7.5

Apache Geode versions up to 1.12.4 and 1.13.4 fail to properly redact sensitive information in log files when passwords or security properties begin w...

Jan 4, 2022
CVE-2021-34800
7.5

Acronis Agent versions before build 27147 on Windows, Linux, and macOS can log sensitive information to system logs. This vulnerability allows attacke...

Nov 29, 2021
CVE-2020-21933
7.5

Motorola CX2 router firmware versions including Build 20190508 Rel.97360n store admin passwords and private keys in log files that are included in tar...

Jul 21, 2021
CVE-2020-23284
7.5

CVE-2020-23284 is an information disclosure vulnerability in MV's IDCE application v1.0 that allows unauthenticated attackers to access sensitive data...

Jul 20, 2021
CVE-2021-35299
7.5

This vulnerability in Zammad allows attackers to probe email connection configurations and obtain sensitive information like email server credentials....

Jun 28, 2021
CVE-2021-22516
7.5

CVE-2021-22516 is a sensitive information disclosure vulnerability in Micro Focus Secure API Manager (SAPIM) version 2.0.0 where sensitive data like c...

Jun 4, 2021
CVE-2025-6624
7.2

Snyk CLI versions before 1.1297.3 expose sensitive credentials in debug logs when running in DEBUG or TRACE mode. This affects users who run Snyk cont...

Jun 26, 2025
CVE-2024-29945
7.2

Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9 may expose authentication tokens during validation when debug logging is enabled. This allows...

Mar 27, 2024
CVE-2025-36573
7.1

Dell Smart Dock Firmware versions before 01.00.08.01 write sensitive information to log files that local users can read. This allows information discl...

Jun 12, 2025
CVE-2025-20231
7.1

This vulnerability allows low-privileged Splunk users to run searches with higher-privileged user permissions through a phishing attack, potentially e...

Mar 26, 2025
CVE-2024-24272
7.1

A vulnerability in iTop DualSafe Password Manager & Digital Vault allows local attackers to access sensitive credentials stored in plaintext within lo...

Mar 21, 2024
CVE-2024-28186
7.1

This vulnerability in FreeScout exposes SMTP server credentials to authenticated users through stack traces stored in the database and accessible via ...

Mar 12, 2024
CVE-2025-62879
6.8

CVE-2025-62879 is a sensitive information disclosure vulnerability in Rancher Backup Operator where S3 access tokens (accessKey and secretKey) are lea...

Mar 4, 2026
CVE-2026-20144
6.8

This vulnerability allows authenticated users with access to Splunk's _internal index to view SAML configuration data in plain text within log files. ...

Feb 18, 2026
CVE-2026-20138
6.8

This vulnerability allows users with access to Splunk's _internal index to view sensitive authentication secrets in plain text. Specifically, Duo Two-...

Feb 18, 2026
CVE-2022-43936
6.8

Brocade SANnav versions before 2.2.2 log switch passwords in plaintext when debugging is enabled. This allows attackers with access to logs to obtain ...

Nov 21, 2024
CVE-2024-32757
6.8

CVE-2024-32757 is an information disclosure vulnerability in Johnson Controls Metasys products where system logs inadvertently contain sensitive user ...

Jul 2, 2024
CVE-2024-27157
6.8

This vulnerability allows attackers to retrieve authentication sessions from clear-text logs, potentially enabling credential theft and authentication...

Jun 14, 2024
CVE-2024-47570
6.6

This vulnerability allows read-only administrators to retrieve API tokens of other administrators by examining REST API logs when REST API logging is ...

Dec 9, 2025
CVE-2026-1292
6.5

Tanium Trends logs sensitive information that should not be exposed. This vulnerability affects organizations using Tanium Trends who have access to l...

Feb 20, 2026
CVE-2026-25846
6.5

JetBrains YouTrack versions before 2025.3.119033 expose access tokens in Mailbox logs, potentially allowing attackers to steal authentication credenti...

Feb 9, 2026
CVE-2025-64650
6.5

IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.18 write sensitive user credentials to log files. This allows attackers with acce...

Dec 8, 2025
CVE-2025-8663
6.5

This vulnerability in upKeeper Manager logs sensitive domain credentials in log files, potentially exposing authentication information. Attackers who ...

Sep 3, 2025
CVE-2025-27391
6.5

Apache ActiveMQ Artemis versions 1.5.1 through 2.39.0 log sensitive broker configuration properties when debug logging is enabled. This exposes creden...

Apr 9, 2025
CVE-2025-1296
6.5

Nomad audit logs unintentionally expose sensitive workload identity tokens and client secret tokens. This allows attackers with access to audit logs t...

Mar 10, 2025

About CWE-532

Our database tracks 207 CVEs classified as CWE-532, with 12 rated critical and 75 rated high severity. The average CVSS score for CWE-532 vulnerabilities is 6.4.
