UBUNTU-CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

PT-2026-24737

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...

Brocade SANnav 安全漏洞

Brocade SANnav is a storage area network management software developed by the American company Brocade. Versions of Brocade SANnav prior to 2.4.0a contained security vulnerabilities. These vulnerabilities stemmed from improper logging in the update-reports-purge-settings.sh script, which could le...

MyHoard 安全漏洞

MyHoard is an open source database backup recovery tool from Aiven Open. A security vulnerability exists in MyHoard versions prior to 1.3.0, which stems from improper logging of backup information and could lead to encryption key disclosure...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mtkdpauxtransfer function's use of improper logging, which could lead to a null pointer dereference...

CVE-2025-20290

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow...

CVE-2025-20290

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow...

Cisco NX-OS Software 信息泄露漏洞

Cisco NX-OS Software is a suite of data center-grade operating system software used by Cisco's switches. An information disclosure vulnerability exists in Cisco NX-OS Software that originates from improper logging of sensitive information and could lead to information disclosure...

CVE-2025-54656

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

...

Insertion Of Sensitive Information Into Log File

snyk is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging of sensitive data because of debug and trace log modes capturing container registry credentials, authentication tokens, and access tokens when certain CLI commands are executed...

CVE-2025-20989

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...

CVE-2025-20989

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...

CVE-2025-20989

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...

CVE-2025-20989

CVE-2025-20989 describes improper logging in the fingerprint trustlet prior to Samsung SMR May-2025 Release 1, enabling local privileged attackers to obtain the hmac_key. Affected component: fingerprint trustlet on Samsung devices using the SMR May-2025 Release 1 or earlier. Underlying issue: ins...

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR May-2025 Release 1, which stems from improper logging and could lead to a locally privileg...

Sensitive Information Disclosure

github.com/edgelesssys/contrast is vulnerable to information disclosure. The vulnerability is due to improper logging configuration due to secrets being written to stderr and Kubernetes logs when the log level is set to info or debug, which is the default...

Information Disclosure

net.snowflake, snowflake-jdbc is vulnerable to Information Disclosure. The vulnerability is due to improper logging practices due to the Driver logging the client-side encryption master key locally when the logging level is set to DEBUG during GET/PUT commands, allowing an attacker to retrieve th...

Insertion Of Sensitive Information Into Log File

github.com/hashicorp/nomad is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging practices due to workload identity and client secret tokens being recorded in audit logs...

Sensitive Information Exposure

Infinispan is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper logging due to the exposure of sensitive information, such as configuration details or credentials, through logging mechanisms when using JGroups with JDBCPING...