Total
1000 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48493 | 1 Yiiframework | 1 Yii2-redis | 2025-09-18 | 6.5 Medium |
| The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue. | ||||
| CVE-2025-43354 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-09-17 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43303 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-09-17 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-48709 | 1 Bmc | 1 Control-m | 2025-09-16 | 7.8 High |
| An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. | ||||
| CVE-2025-4234 | 3 Microsoft, Palo Alto, Paloaltonetworks | 5 365, Networks, Cortex Xdr and 2 more | 2025-09-15 | N/A |
| A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs. | ||||
| CVE-2025-43888 | 1 Dell | 1 Powerprotect Data Manager | 2025-09-11 | 8.8 High |
| Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2024-47094 | 1 Checkmk | 1 Checkmk | 2025-09-11 | 5.5 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | ||||
| CVE-2024-51752 | 1 Workos | 1 Authkit | 2025-09-10 | 5.5 Medium |
| The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-21323 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21317 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21321 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21320 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21319 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21318 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21316 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-23261 | 1 Nvidia | 2 Cumulus Linux, Nvs | 2025-09-05 | 5.5 Medium |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. | ||||
| CVE-2025-7445 | 1 Kubernetes | 1 Kubernetes | 2025-09-05 | 6.5 Medium |
| Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs. | ||||
| CVE-2025-8663 | 1 Upkeeper | 1 Upkeeper Manager | 2025-09-04 | N/A |
| Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12. | ||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2025-09-04 | 6.5 Medium |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | ||||
| CVE-2025-36133 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-09-02 | 5.9 Medium |
| IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container. | ||||