
63 matches found

OSV
added 2026/04/23 2:31 p.m., 3 views

GHSA-PFM2-2MHG-8WPX n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

CVSS 5.3, AI score 5.7, EPSS 0.00255
Exploits 0, References 4

Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-50108

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0 through 7.4.3 FortiProxy versions 7.2.0 through 7.4.3 FortiPAM versions 1.0 through 1.4 FortiSRA version 1.4 Description A flaw exists where sensitive information can be written to log files. Specifically, a read-only...

CVSS 6.6, AI score 6.2, EPSS 0.00348
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0033

Malware in sbrugna...

CVSS 7.4, AI score 7.3, EPSS 0.01243
Exploits 0, References 6

IBM Security Bulletins
added 2025/10/01 4:8 p.m., 10 views

Security Bulletin: IBM Transformation Extender Advanced stores potentially sensitive information in log files that could be read by a local user.

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, stores potentially sensitive information in log files that could be read by a local user. Vulnerability Details CVEID:CVE-2023-50301 DESCRIPTION: IBM Standards Processing Engine stores potentially sensiti...

CVSS 4.4, AI score 5.9, EPSS 0.00106
Exploits 0, Affected Software 1

Japan Vulnerability Notes
added 2025/07/22 4:33 a.m., 3 views

"region PAY" App for Android vulnerable to insertion of sensitive information into log file

Overview "region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-52580 Kubo Naoki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

CVSS 2.4, AI score 6.5, EPSS 0.00167
Exploits 0, References 4

RedhatCVE
added 2025/05/23 3:16 a.m., 3 views

CVE-2023-23064

TOTOLINK A720R V4.1.5cu.532 B20210610 is vulnerable to Incorrect Access Control...

CVSS 9.8, AI score 7, EPSS 0.00702
Exploits 0, References 1

RedhatCVE
added 2025/03/14 10:25 p.m., 21 views

CVE-2025-2002

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device...

CVSS 6, AI score 6.7, EPSS 0.00156
Exploits 0, References 1

NVD
added 2025/03/12 4:15 p.m., 6 views

CVE-2025-2002

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device...

CVSS 6, EPSS 0.00156
Exploits 0, References 1

Cvelist
added 2025/03/12 3:25 p.m., 22 views

CVE-2025-2002

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device...

CVSS 6, EPSS 0.00156
Exploits 0, References 1

CVE
added 2025/03/12 3:25 p.m., 49 views

CVE-2025-2002

CVE-2025-2002 affects Schneider Electric EcoStruxure Panel Server. The issue is a CWE-532-style insertion of sensitive information into log files that can lead to disclosure of FTP server credentials when the FTP server is deployed and an administrator places the device in debug mode, exporting d...

CVSS 6, AI score 6.9, EPSS 0.00156
Exploits 0, References 1

Vulnrichment
added 2025/03/12 3:25 p.m., 2 views

CVE-2025-2002

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device...

CVSS 6, AI score 6.8, EPSS 0.00156
Exploits 0, References 1

IBM Security Bulletins
added 2024/11/19 2:8 p.m., 8 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)

Summary IBM Sterling Global High Availability Mailbox is affected by a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Vulnerability Details CVEID:CVE-2023-44483...

CVSS 6.5, AI score 6.1, EPSS 0.01212
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/11/14 3:38 p.m., 14 views

Security Bulletin: IBM B2B Sterling integrator is affected by Apache Santuario vulnerability to information disclosure

Summary IBM B2B Sterling integrator is vulnerable to information disclosure due to Apache Santuario Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the lo...

CVSS 6.5, AI score 5.9, EPSS 0.01212
Exploits 0, Affected Software 1

OSV
added 2024/07/22 5:40 p.m., 9 views

GHSA-HCMV-JMQH-FJGM ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...

CVSS 6.9, AI score 5.2, EPSS 0.00198
Exploits 0, References 4

Github Security Blog
added 2024/07/22 5:40 p.m., 17 views

ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...

CVSS 4.4, AI score 7.3, EPSS 0.00198
Exploits 0, References 4, Affected Software 1

Cvelist
added 2024/06/12 4:28 p.m., 17 views

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs...

CVSS 4.5, EPSS 0.00231
Exploits 0, References 1

CVE
added 2024/06/12 4:28 p.m., 46 views

CVE-2024-5557

CVE-2024-5557 describes a CWE-532 log message disclosure in Schneider Electric SpaceLogic AS-P/AS-B where SNMP credentials can be exposed if an attacker has access to controller logs. The core issue is insertion of sensitive information into log files. Affected products are Schneider Electric Spa...

CVSS 4.5, AI score 6.9, EPSS 0.00231
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2024/06/12 4:28 p.m., 14 views

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs...

CVSS 4.5, AI score 6.8, EPSS 0.00231
Exploits 0, References 1

Tenable Nessus
added 2024/02/20 12:0 a.m., 31 views

Amazon Linux 2023 : GraphicsMagick, GraphicsMagick-c++, GraphicsMagick-c++-devel (ALAS2023-2024-532)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-532 advisory. Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format...

CVSS 7.8, AI score 7.3, EPSS 0.00427
Exploits 2, References 6

NVD
added 2023/11/14 6:15 p.m., 14 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

CVSS 3.3, EPSS 0.00208
Exploits 0, References 1