CWE-532

Total CVEs: 208
Critical: 12
High: 76
Avg CVSS: 6.4
In CISA KEV: 1

Yearly Trend

2026: 29
2025: 79
2024: 59
2023: 18
2022: 11

Top Affected Vendors

1. Apple: 14
2. Dell: 13
3. IBM: 13
4. Microsoft: 11
5. Elastic: 6
6. Apache: 6
7. Broadcom: 5
8. Splunk: 5
9. JetBrains: 3
10. Fortinet: 3

All CWE-532 CVEs (208)

CVE-2025-9985
5.3

The Featured Image from URL WordPress plugin exposes sensitive information through publicly accessible log files in versions up to 5.2.7. Unauthentica...

Sep 26, 2025
CVE-2025-31788
5.3

This vulnerability allows attackers to retrieve sensitive data embedded in log files generated by the AIO Performance Profiler WordPress plugin. It af...

Apr 1, 2025
CVE-2024-38321
5.3

IBM Business Automation Workflow versions 22.0.2 through 24.0.0 store sensitive information in log files that authenticated users can read. This infor...

Aug 3, 2024
CVE-2024-42349
5.3

FOG Server versions 1.5.10.41.4 and earlier store login logs in publicly accessible web server directories, exposing usernames, IP addresses, and user...

Aug 2, 2024
CVE-2024-40636
5.3

This vulnerability in Steeltoe's Eureka discovery client logs authentication credentials when multiple Eureka server URLs with basic authentication ar...

Jul 17, 2024
CVE-2024-37205
5.3

This vulnerability in the WordPress Affiliate Toolkit plugin causes sensitive information to be written to log files, potentially exposing credentials...

Jul 10, 2024
CVE-2024-22276
5.3

VMware Cloud Director Object Storage Extension logs sensitive information in URLs, which could be exposed through web/proxy server logs. Attackers wit...

Jun 27, 2024
CVE-2022-44587
5.3

The WP 2FA WordPress plugin versions up to 2.6.3 write sensitive information to log files that should be protected. This allows attackers with access ...

Jun 21, 2024
CVE-2024-32811
5.3

This vulnerability allows sensitive information to be written to log files in the Octolize USPS Shipping for WooCommerce plugin. Attackers could poten...

Jun 9, 2024
CVE-2024-34798
5.3

The Debug Log - Manger Tool WordPress plugin versions up to 1.4.5 can write sensitive information like passwords or API keys to log files. This affect...

Jun 3, 2024
CVE-2024-34550
5.3

The AlexaCRM Dynamics 365 Integration WordPress plugin versions up to 1.3.17 write sensitive information to log files, potentially exposing credential...

May 14, 2024
CVE-2025-5781
5.2

This vulnerability allows session hijacking through information exposure in Hitachi management software. Attackers can intercept or access session dat...

Feb 25, 2026
CVE-2023-49921
5.2

This CVE allows sensitive Elasticsearch document contents to be exposed in application logs when Watcher search input is configured with DEBUG logging...

Jul 26, 2024
CVE-2022-35202
5.1

This vulnerability allows remote attackers to download the Java keystore containing SAML signing private keys via WebDAV in non-default configurations...

Feb 11, 2025
CVE-2024-31216
5.1

The source-controller Kubernetes operator logs Azure SAS tokens when connection errors occur with Azure Blob Storage. Attackers with access to these l...

May 15, 2024
CVE-2026-0936
5.0

An authenticated local attacker can exploit this vulnerability in B&R PVI client versions prior to 6.5 to gather credential information from log files...

Jan 29, 2026
CVE-2025-15332
4.9

An information disclosure vulnerability in Tanium Threat Response could allow authenticated users to access sensitive data they shouldn't have permiss...

Feb 5, 2026
CVE-2025-13925
4.9

IBM Aspera Console 3.4.7 stores sensitive information in log files that could be accessed by local privileged users. This vulnerability allows attacke...

Jan 20, 2026
CVE-2025-14432
4.9

Microsoft Teams Admin Center may write sensitive data to log files when administrators make device configuration changes. Only users with admin creden...

Dec 16, 2025
CVE-2025-20329
4.9

This vulnerability allows authenticated administrators on Cisco TelePresence and RoomOS systems to view unencrypted credentials in audit logs when SIP...

Oct 15, 2025
CVE-2025-0071
4.9

SAP Web Dispatcher and Internet Communication Manager allow administrators to enable debugging trace mode with a specific parameter, exposing unencryp...

Mar 11, 2025
CVE-2025-1053
4.9

During SANnav installation or upgrade error conditions, the encryption key can be written to and retrieved from a supportsave file. Attackers with pri...

Feb 14, 2025
CVE-2024-49816
4.9

IBM Security Guardium Key Lifecycle Manager versions 4.1 through 4.2.1 store sensitive information in log files that could be read by local privileged...

Dec 17, 2024
CVE-2024-52067
4.9

Apache NiFi versions 1.16.0-1.28.0 and 2.0.0-M1-2.0.0-M4 have debug logging that can expose sensitive parameter values when enabled. Authorized admini...

Nov 21, 2024
CVE-2025-38745
4.8

Dell OpenManage Enterprise versions 3.10 through 4.2 contain a vulnerability where sensitive information is written to log files during backup and res...

Aug 14, 2025
CVE-2025-0976
4.7

This CVE describes an information exposure vulnerability in Hitachi Ops Center API Configuration Manager and Hitachi Configuration Manager. The vulner...

Feb 25, 2026
CVE-2025-24984
KEV 4.6

This vulnerability allows sensitive information to be written to Windows NTFS log files, which could be accessed by an attacker with physical access t...

Mar 11, 2025
CVE-2025-40603
4.5

A vulnerability in SonicWall SMA100 Series appliances may expose partial user credential data in log files under certain conditions. This allows remot...

Oct 31, 2025
CVE-2024-5557
4.5

This vulnerability exposes SNMP credentials in log files due to sensitive information being written to logs. Attackers who gain access to controller l...

Jun 12, 2024
CVE-2025-62262
4.4

This vulnerability allows local users to view user email addresses in log files through the LDAP import feature in Liferay Portal and DXP. It affects ...

Oct 27, 2025
CVE-2025-46752
4.4

This vulnerability in Fortinet FortiDLP allows attackers to obtain sensitive information by reusing enrollment codes that were improperly logged. It a...

Oct 16, 2025
CVE-2024-7577
4.4

IBM InfoSphere Information Server 11.7 may expose sensitive user credentials in log files during new installations. This vulnerability allows attacker...

Mar 29, 2025
CVE-2025-23413
4.4

BIG-IP Next Central Manager logs sensitive authentication information in pgaudit log files when users log in via webUI or API using local authenticati...

Feb 5, 2025
CVE-2023-46175
4.4

IBM Cloud Pak for Multicloud Management versions 2.3 through 2.3 FP8 store user credentials in plain text within log files. This allows privileged use...

Sep 26, 2024
CVE-2024-42344
4.4

SINEMA Remote Connect Client versions before V3.2 SP2 write sensitive configuration data to log files that are readable by all legitimate system users...

Sep 10, 2024
CVE-2022-4858
4.4

M-Files Server versions before 22.10.11846.0 can log sensitive authentication tokens to log files when specific configurations are enabled. This vulne...

Dec 30, 2022
CVE-2026-1265
4.3

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 write sensitive information to log files, potentially exposing credentials or oth...

Mar 3, 2026
CVE-2024-58269
4.3

Rancher Manager exposes sensitive information including secrets, cluster import URLs, and registration tokens in audit logs accessible to any user wit...

Oct 29, 2025
CVE-2023-38271
4.3

This vulnerability in IBM Cloud Pak System allows authenticated users to access sensitive information from log files. It affects multiple versions of ...

Jan 25, 2025
CVE-2024-40596
4.3

The CheckUser extension for MediaWiki has a vulnerability where the Special:Investigate feature can expose suppressed log event information that shoul...

Jul 7, 2024
CVE-2024-47822
4.2

Directus systems with LOG_STYLE set to 'raw' expose access tokens in query strings within system logs. Attackers with log access can steal these token...

Oct 8, 2024
CVE-2024-41719
4.2

This vulnerability exposes F5 iHealth credentials in BIG-IP Central Manager logs when generating QKView diagnostic files from BIG-IP Next instances. T...

Aug 14, 2024
CVE-2024-0912
4.2

This vulnerability causes Microsoft IIS servers hosting C•CURE 9000 Web Server to log Windows credential details in log files under certain circumst...

Jun 6, 2024
CVE-2023-28630
4.2

GoCD versions 20.5.0 through 23.1.0 can leak database credentials in admin alerts when backups are enabled but required database dump utilities are mi...

Mar 27, 2023
CVE-2025-12996
4.1

Medtronic CareLink Network logs plaintext passwords in error messages under certain conditions, allowing local attackers with access to API server log...

Dec 4, 2025
CVE-2025-42935
4.1

CVE-2025-42935 allows authorized administrators with local file system access to read sensitive information from SAP NetWeaver ICM log files. This vul...

Aug 12, 2025
CVE-2024-51528
4.0

This vulnerability involves improper log printing in Huawei's Super Home Screen module, potentially exposing sensitive information in log files. It af...

Nov 5, 2024
CVE-2024-4472
4.0

This vulnerability exposes dependency proxy credentials in GraphQL logs in GitLab instances. Attackers with access to these logs could obtain credenti...

Sep 12, 2024
CVE-2026-0519
3.4

Secure Access versions 12.70 through 14.20 may write unredacted authentication tokens to logs under certain configurations. Attackers with access to t...

Jan 17, 2026
CVE-2026-20663
3.3

This vulnerability allows malicious apps to enumerate a user's installed applications on iOS and iPadOS devices. It affects users running vulnerable v...

Feb 11, 2026

About CWE-532

Our database tracks 208 CVEs classified as CWE-532, with 12 rated critical and 76 rated high severity. The average CVSS score for CWE-532 vulnerabilities is 6.4.

External reference: View CWE-532 on MITRE CWE →
