286 matches found
CVE-2026-0520
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file...
CVE-2025-36187
CVE-2025-36187 is linked to IBM Knowledge Catalog Standard Cartridge. The IBM bulletin describes a vulnerability where the product stores potentially sensitive information in log files that could be read by a local privileged user ( CWE-532: Insertion of Sensitive Information into Log File ). Aff...
Apache Spark Deserialization Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...
Apache Spark 代码问题漏洞
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...
EUVD-2026-11350
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file...
CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts
Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...
CVE-2026-1265
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
Brother Industries Brother MFPs security vulnerabilities
Brother Industries Brother MFPs is a multi-functional printer from the Japanese company Brother Industries. There are security vulnerabilities associated with Brother Industries Brother MFPs, which stem from hidden functions that may allow attackers to access sensitive information in the logs...
CVE-2025-59355
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
CVE-2023-40392
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information...
CVE-2020-7295
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface...
CVE-2022-23466
teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...
Elasticsearch 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 (ESA-2025-27)
The version of Elasticsearch installed on the remote host is 7.0 prior to 8.19.8, 9.0 prior to 9.1.8, or 9.2.0 prior to 9.2.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-27 advisory. - Insertion of sensitive information in log file in Elasticsearch can lead to los...
CVE-2025-14432 Poly Video - Sensitive Data Might Be Written to Log File
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center TAC to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...
CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
LogPurge: Log Data Purification for Anomaly Detection Via Rule-Enhanced Filtering
Log anomaly detection, which is critical for identifying system failures and preempting security breaches, detects irregular patterns within large volumes of log data, and impacts domains such as service reliability, performance optimization, and database log analysis. Modern log anomaly detectio...
CVE-2025-40603
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...
SonicWall SMA100 Series 安全漏洞
SonicWall SMA100 Series is a security gateway appliance from SonicWall, Inc. A security vulnerability exists in the SonicWall SMA100 Series that stems from the potential exposure of sensitive information in log files, which could result in a remote authenticated administrator viewing some user...
CVE-2025-10901 Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table'
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'aigettable' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...