CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

CVE-2026-4901

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized...

smb: client: Don't log plaintext credentials in cifs_set_cifscreds

...

CVE-2026-23303

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

CVE-2019-7612

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message...

EUVD-2005-1730

Malware in sbrugna...

EUVD-2023-25062

Malicious code in bioql PyPI...

EUVD-2025-13950

Malicious code in bioql PyPI...

Sensitive Information Disclosure

yiisoft/yii2-redis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to information disclosure due to authentication credentials username and password being logged in plain text during failed connection attempts...

CVE-2020-15380

Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...

CVE-2025-0936

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...

CVE-2025-0936

CVE-2025-0936 affects Arista EOS with a gNMI transport enabled, where using the gNOI File TransferToRemote RPC with remote-credentials can cause those credentials to be logged on the local EOS device or on remote accounting servers (TACACS, RADIUS). The issue is triggered when the OpenConfig gNOI...

CVE-2024-11923

Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub Formerly named Helpsystems One prior to version 1.3...

CVE-2024-11923

CVE-2024-11923 describes a data disclosure in Fortra Application Hub (formerly Helpsystems One) where, under certain log settings, the IAM or CORE service logs credentials in the iam logfile prior to version 1.3. Affected component: Fortra Application Hub IAM/CORE logging workflow; issue arises f...

PT-2025-1715 · Fortra · Fortra Application Hub

Name of the Vulnerable Software and Affected Versions: Fortra Application Hub versions prior to 1.3 Description: The issue concerns the logging of credentials in the iam logfile under certain log settings. This occurs in the IAM or CORE service of Fortra Application Hub. Recommendations: For...

CVE-2023-45825 Token in custom credentials object can leak through logs in ydb-go-sdk

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

Information Exposure

Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP basic auth credentials when updating connections after sniffing. Remediation Upgrade logstash-core to...

CVE-2023-20891 VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF...

UBUNTU-CVE-2021-3447

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

CVE-2019-11252

A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality...