334 matches found
CVE-2024-9453
Technical details about CVE-2024-9453 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-49846
Summary: CVE-2025-49846 affects the Wire iOS client. For Wire iOS versions 3.111.1–3.124.1, messages visible in the viewport were logged in clear text to the iOS system logs due to canOpenUrl() being called with an invalid URL, with access requiring physical possession of an unlocked device. The...
CVE-2025-49009
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...
Para Inserts Sensitive Information into Log File for Facebook authentication
CWE ID: CWE-532 (Insertion of Sensitive Information into Log File); CVSS: 6.2 Medium; Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; Affected Component: Facebook Authentication Logging; Version: Para v1.50.6; File Path:...
PT-2025-23940 · Para · Para
Name of the Vulnerable Software and Affected Versions: Para versions prior to 1.50.8. Description: A vulnerability exists in the FacebookAuthFilter.java file, resulting in the full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token...
PT-2025-23939 · Yii · Yii 2 Redis Extension
Name of the Vulnerable Software and Affected Versions: Yii 2 Redis extension versions prior to 2.0.20. Description: The issue concerns the logging of commands when a connection fails in the Yii 2 Redis extension. Specifically, prior to version 2.0.20, AUTH parameters are written in plain text,...
Django 4.x < 4.2.22, 5.0.x < 5.1.10, 5.2.x < 5.2.2 Log Injection Vulnerability - Linux
Django is prone to a log injection vulnerability. CPE = "cpe:/a:djangoproject:django"; if...
CVE-2025-48955
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require...
CVE-2025-31199
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data...
CVE-2025-31199
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data...
CVE-2025-31199
CVE-2025-31199 is a logging-data-redaction flaw addressed by Apple in macOS/macOS-derived OS updates (Sequoia 15.4, Sonoma 14.x line, iOS/iPadOS 18.4, visionOS 2.4). The issue allowed an app to access sensitive user data due to insufficient data redaction in log outputs. Apple’s advisories list t...
Security update for python-tornado
This update for python-tornado fixes the following issues: CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service (bsc#1243268). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update ...
CVE-2025-32967
OpenEMR prior to version 7.0.3.4 has a logging oversight where password change events are not recorded in the client-side log viewer, weakening traceability and potentially enabling undetectable internal or external misuse. The vulnerability affects the OpenEMR EHR/PM application and is addressed...
CVE-2023-45825
ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6, if you use a custom credentials object (an implementation of the Credentials interface), it may leak into logs. This happens because this object could be serialized into an error message using...
CVE-2022-24875
The CVEProject/cve-services is an open source project used to operate the CVE services API. In versions up to and including 1.1.1, the org.controller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
CVE-2022-20458
Logs containing sensitive information (PII or hardware identifiers) should only be printed in Android "userdebug" or "eng" builds. StatusBarNotification.getKey could contain sensitive information. However, CarNotificationListener.java prints out StatusBarNotification.getKey directly in logs, whic...
CVE-2025-48374 zot logs secrets
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an OIDC provider, the clientsecret gets printed into the container stdout...
CVE-2020-25065
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020)...