Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-13750

Summary
Assigner-SNOWFLAKE
Assigner Org ID-412d305a-227d-44f9-a262-a31ba44f2aea
Published At-29 Jun, 2026 | 16:07
Updated At-29 Jun, 2026 | 16:17
Rejected At-
Credits

Snowflake CLI Sensitive Credential Exposure Through Debug Logging

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as passwords, tokens, or private key material to be exposed without additional application-level safeguards. Successful exploitation requires credentials to be present in the affected connection context and the resulting logs to be accessible from the local environment. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SNOWFLAKE
Assigner Org ID:412d305a-227d-44f9-a262-a31ba44f2aea
Published At:29 Jun, 2026 | 16:07
Updated At:29 Jun, 2026 | 16:17
Rejected At:
â–¼CVE Numbering Authority (CNA)
Snowflake CLI Sensitive Credential Exposure Through Debug Logging

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as passwords, tokens, or private key material to be exposed without additional application-level safeguards. Successful exploitation requires credentials to be present in the affected connection context and the resulting logs to be accessible from the local environment. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.

Affected Products
Vendor
Snowflake
Product
Snowflake CLI
Default Status
unaffected
Versions
Affected
  • From 3.0.0 before 3.19.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-532Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory
N/A
Hyperlink: https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:412d305a-227d-44f9-a262-a31ba44f2aea
Published At:29 Jun, 2026 | 16:16
Updated At:30 Jun, 2026 | 16:08

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as passwords, tokens, or private key material to be exposed without additional application-level safeguards. Successful exploitation requires credentials to be present in the affected connection context and the resulting logs to be accessible from the local environment. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

snowflake
snowflake
>>snowflake_cli>>Versions from 3.0.0(inclusive) to 3.19.0(exclusive)
cpe:2.3:a:snowflake:snowflake_cli:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Secondary412d305a-227d-44f9-a262-a31ba44f2aea
CWE ID: CWE-532
Type: Secondary
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory412d305a-227d-44f9-a262-a31ba44f2aea
Vendor Advisory
Hyperlink: https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

211Records found

CVE-2024-49750
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 10.39%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 22:03
Updated-06 Nov, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snowflake Connector for Python has sensitive data in logs

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured.

Action-Not Available
Vendor-snowflakesnowflakedb
Product-snowflake_connectorsnowflake-connector-python
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-46614
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.13% / 3.00%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.

Action-Not Available
Vendor-Snowflake
Product-Snowflake ODBC
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-46329
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.10% / 0.91%
||
7 Day CHG~0.00%
Published-29 Apr, 2025 | 04:35
Updated-09 May, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.

Action-Not Available
Vendor-snowflakesnowflakedb
Product-connector_for_c\/c\+\+libsnowflakeclient
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-27496
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 1.59%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 19:01
Updated-22 Aug, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snowflake JDBC Driver client-side encryption key in DEBUG logs

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.

Action-Not Available
Vendor-snowflakesnowflakedb
Product-snowflake_jdbcsnowflake-jdbc
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-24457
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.5||MEDIUM
EPSS-0.59% / 43.77%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:23
Updated-30 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-9735
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 2.05%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 22:40
Updated-15 Jun, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

Action-Not Available
Vendor-MongoDB, Inc.
Product-mongodbMongoDB Server
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-9751
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 1.48%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 22:24
Updated-12 Jun, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

Action-Not Available
Vendor-MongoDB, Inc.
Product-mongodbMongoDB Server
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-23289
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 2.89%
||
7 Day CHG+0.01%
Published-31 Jul, 2025 | 20:41
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Omniverse Launcher
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-2300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.51%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 04:12
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA

Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.

Action-Not Available
Vendor-Hitachi, Ltd.
Product-Hitachi Ops Center Common Services
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21319
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.67%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2008windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21316
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.67%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21323
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.83% / 53.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21317
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.83% / 53.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2025windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2022windows_10_21h2windows_server_2022_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21321
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.67%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21320
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.67%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2008windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-25046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.42%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 20:26
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21318
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.67%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-1622
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 21.96%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:25
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: EvoSharedObjStore may leak sensitive information

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-664
Improper Control of a Resource Through its Lifetime
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-1620
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 21.96%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:25
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Configd leaks hashes via log file and is world readable

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-664
Improper Control of a Resource Through its Lifetime
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-1998
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.82%
||
7 Day CHG+0.01%
Published-27 Mar, 2025 | 14:41
Updated-01 Sep, 2025 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure

IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deploydevops_deployDevOps DeployUrbanCode Deploy
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-41553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 02:11
Updated-05 May, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

Action-Not Available
Vendor-Linux Kernel Organization, IncHitachi, Ltd.
Product-infrastructure_analytics_advisorlinux_kernelops_center_analyzerHitachi Infrastructure Analytics AdvisorHitachi Ops Center Analyzer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-14010
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 1.93%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 09:51
Updated-20 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

Action-Not Available
Vendor-ansible-collectionsRed Hat, Inc.
Product-community.generalAnsible Community General CollectionRed Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0Red Hat Ceph Storage 7Red Hat Ceph Storage 6Red Hat Ceph Storage 8Red Hat Ceph Storage 5
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-13755
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.42%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 15:46
Updated-27 May, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-16210
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.58%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 17:05
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-brocade_sannavBrocade SANnav
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2025-12940
Matching Score-4
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-4
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-0.5||LOW
EPSS-0.24% / 15.33%
||
7 Day CHG+0.01%
Published-11 Nov, 2025 | 16:17
Updated-08 Dec, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credentials recorded in logs in NETGEAR WAX610 and WAX610Y

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials.  This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wax610wax610ywax610y_firmwarewax610_firmwareWAX610YWAX610
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-39897
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 0.50%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-10221
Matching Score-4
Assigner-15ede60e-6fda-426e-be9c-e788f151a377
ShareView Details
Matching Score-4
Assigner-15ede60e-6fda-426e-be9c-e788f151a377
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 2.20%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 12:31
Updated-19 Dec, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded Password Exposure in AxxonNet (C-WerkNet) ARP Agent Logs

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.

Action-Not Available
Vendor-axxonsoftAxxonSoftMicrosoft Corporation
Product-windowsaxxon_oneAxxonNet ARP Agent C-WerkNet
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-5515
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.06%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:58
Updated-02 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise is vulnerable to a confidential disclosure

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseApp Connect Enterprise
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-0736
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.31%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 09:12
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.infinispan-infinispan-parent: exposure of sensitive information in application logs

A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Data Grid
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-0273
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 4.15%
||
7 Day CHG+0.01%
Published-27 Mar, 2025 | 05:03
Updated-11 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_devops_deployhcl_launchHCL DevOps Deploy / HCL Launch
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-8775
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 18.50%
||
7 Day CHG~0.00%
Published-14 Sep, 2024 | 02:15
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux AI (RHEL AI)Ansible Automation Platform Execution EnvironmentsRed Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Discovery 1 for RHEL 9Red Hat Enterprise Linux 10
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-8264
Matching Score-4
Assigner-Fortra, LLC
ShareView Details
Matching Score-4
Assigner-Fortra, LLC
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.77%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 22:44
Updated-17 Oct, 2024 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.

Action-Not Available
Vendor-Fortra LLC
Product-robot_scheduleRobot Schedule Enterpriserobot_schedule_enterprise
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-7421
Matching Score-4
Assigner-Devolutions Inc.
ShareView Details
Matching Score-4
Assigner-Devolutions Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.72%
||
7 Day CHG-0.00%
Published-25 Sep, 2024 | 15:12
Updated-17 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions

Action-Not Available
Vendor-Devolutions
Product-remote_desktop_managerRemote Desktop Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-3191
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.17% / 6.52%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 02:09
Updated-02 May, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability in Hitachi Ops Center Analyzer

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00

Action-Not Available
Vendor-Linux Kernel Organization, IncHitachi, Ltd.
Product-ops_center_analyzerlinux_kernelHitachi Ops Center Analyzer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-54484
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.48%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:59
Updated-02 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-29810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 32.32%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 05:50
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-go-gettern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-30148
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.23% / 65.26%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability

Windows Desired State Configuration (DSC) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43508
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.30%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 17:06
Updated-02 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-29071
Matching Score-4
Assigner-Arista Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Arista Networks, Inc.
CVSS Score-4||MEDIUM
EPSS-0.19% / 9.12%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 16:47
Updated-02 Jun, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ...

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.

Action-Not Available
Vendor-Arista Networks, Inc.
Product-cloudvision_portalCloudVision Portal
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-28625
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.67%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 15:59
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-51528
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4||MEDIUM
EPSS-0.12% / 2.19%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:33
Updated-07 Nov, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-27549
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-4||MEDIUM
EPSS-0.15% / 4.55%
||
7 Day CHG+0.01%
Published-06 Jul, 2022 | 20:25
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Launch could disclose sensitive database information to a local user in plain text.

HCL Launch may store certain data for recurring activities in a plain text format.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_launchHCL Launch
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-51752
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.25% / 15.84%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 19:16
Updated-11 Dec, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-workosworkos
Product-authkit-nextjsauthkit-nextjs
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-27636
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.90%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:13
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-Microsoft CorporationF5, Inc.
Product-windowsbig-ip_access_policy_managerbig-ip_access_policy_manager_clientBIG-IP APMBIG-IP APM Clients
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-27888
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.96%
||
7 Day CHG~0.00%
Published-26 Apr, 2022 | 22:35
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Foundry Issues service was found to be logging in a manner that captured session tokens.

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.

Action-Not Available
Vendor-palantirPalantir
Product-foundry_issuesFoundry Issues
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-28161
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.28%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 16:33
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

Action-Not Available
Vendor-n/aBrocade Communications Systems, Inc. (Broadcom Inc.)
Product-sannavBrocade SANNav
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-22336
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 9.44%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 15:45
Updated-04 Dec, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite information disclosure

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.82%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-29 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtsuerrtspern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-47094
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-5.7||MEDIUM
EPSS-0.21% / 11.51%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 09:52
Updated-11 Sep, 2025 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logging of sitesecret to automations log

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-4472
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4||MEDIUM
EPSS-0.22% / 12.02%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 18:26
Updated-18 Sep, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found