Total
950 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25013 | 2025-04-09 | 6.5 Medium | ||
| Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. | ||||
| CVE-2024-31254 | 1 Webtoffee | 1 Backup And Migration | 2025-04-08 | 3.7 Low |
| Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | ||||
| CVE-2024-31249 | 1 Wpkube | 1 Subscribe To Comments Reloaded | 2025-04-08 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | ||||
| CVE-2024-31247 | 2 Frederic Gilles, Fredericgilles | 2 Fg Drupal To Wordpress, Fg Drupal | 2025-04-08 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | ||||
| CVE-2024-31245 | 1 Convertkit | 1 Convertkit - Email Marketing\, Email Newsletter And Landing Pages | 2025-04-08 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5. | ||||
| CVE-2024-31298 | 1 Joelhardi | 1 User Spam Remover | 2025-04-08 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0. | ||||
| CVE-2024-31259 | 1 Searchiq | 1 Searchiq | 2025-04-08 | 7.5 High |
| Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5. | ||||
| CVE-2025-31479 | 2025-04-07 | 8.2 High | ||
| canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated—causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited—the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1. | ||||
| CVE-2025-32054 | 2025-04-07 | 3.3 Low | ||
| In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file | ||||
| CVE-2001-1556 | 1 Apache | 1 Http Server | 2025-04-03 | 3.3 Low |
| The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | ||||
| CVE-2022-3902 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. | ||||
| CVE-2022-20458 | 1 Google | 1 Android | 2025-04-02 | 5.5 Medium |
| The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776 | ||||
| CVE-2021-39011 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-04-02 | 4.2 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645. | ||||
| CVE-2025-21323 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21317 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21321 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21320 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21319 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21318 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21316 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-04-02 | 5.5 Medium |
| Windows Kernel Memory Information Disclosure Vulnerability | ||||