158 matches found
CVE-2025-5760
CVE-2025-5760 (WordPress Simple History plugin) exposes passwords via logs when Detective Mode is on. In affected versions prior to 5.8.1, append_debug_info_to_context() sanitization is insufficient, causing the plugin to log entire $_POST (and sometimes raw request bodies or $_GET) including pas...
CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $POST and...
CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $POST and...
CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $POST and...
CVE-2025-32967 OpenEMR doesn't log password administration properly
OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...
CVE-2025-32967 OpenEMR doesn't log password administration properly
OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...
CVE-2024-53865
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2023-22481
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-34223
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases...
CVE-2023-28441
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly...
CVE-2022-28167
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log...
CVE-2022-43936
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...
CVE-2021-25688
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs...
CVE-2020-17511
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...
CVE-2025-32382 Snowflake credentials logged by the Metabase backend
Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...
GHSA-W4RH-FGX7-Q63M ray vulnerable to Insertion of Sensitive Information into Log File
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...
CVE-2025-1979
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...
Linux Distros Unpatched Vulnerability : CVE-2010-2387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vicious-extensions/ve-misc.c in GNOME Display Manager gdm 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8...
CVE-2023-50740
In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...
CVE-2024-55891
Summary: CVE-2024-55891 affects TYPO3 where the install tool password may be logged in plaintext if the password hashing mechanism is incorrect. Impact: information disclosure of the install password. Affected versions: TYPO3 prior to 13.4.3 ELTS. Mitigation: update to TYPO3 version 13.4.3 ELTS (...