PT-2026-7261

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where sensitive headers, including Authorization and Cookie, are disclosed in cleartext within log files when a verbose, user-supplied logging format—such as the...

EUVD-2020-22070

Malware in sbrugna...

EUVD-2015-1591

Malware in sbrugna...

EUVD-2008-3137

Malware in sbrugna...

CVE-2025-34188

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...

CVE-2025-34188

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...

CVE-2025-3456

CVE-2025-3456 affects Arista EOS. The issue allows the global encryption key configured on devices to be logged in clear text in local/remote logs, enabling disclosure of protocol-specific passwords when symmetric passwords are used between neighbor devices. Affected EOS releases include 4.34.x (...

CVE-2025-48709

CVE-2025-48709 affects BMC Control-M/Server 9.0.21.300, where credentials are stored in cleartext and exposed via process lists and logs. The root cause is the control path when a database connection is active: Control-M/Server runs DBUStatus.exe, which invokes dbu_connection_details.vbs with the...

PT-2025-32309

Name of the Vulnerable Software and Affected Versions BMC Control-M version 9.0.21.300 Description An issue exists where the Control-M Server, when connected to a database, frequently runs DBUStatus.exe. This process then calls dbu connection details.vbs, passing the username, password, database...

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

SUSE CVE-2006-1059

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

SUSE CVE-2013-0212

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...

CVE-2021-25643

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or...

CVE-2021-30183

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...

CVE-2021-3036

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to...

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

PT-2019-9594 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurAccess version 9.3.502 Description: An issue was discovered in SecurEnvoy SecurAccess. When put in Debug mode and used for RDP connections, the application stores emergency credentials in cleartext in the logs, which can be...

Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs

The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...