50 matches found

ATTACKERKB
added 2026/05/06 4:15 p.m. | 3 views

CVE-2026-20189

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...

4.3 CVSS | 6 AI score | 0.00039 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/04/20 9:0 a.m. | 3 views

CVE-2025-13480 Incorrect authorization in Fudo Enterprise

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...

5.1 CVSS | 5.7 AI score | 0.00059 EPSS
Exploits 0 | References 3
CVE
added 2026/04/10 9:21 a.m. | 5 views

CVE-2021-47960

CVE-2021-47960 affects Synology SSL VPN Client prior to 1.4.5-0684. The issue allows a local HTTP server bound to loopback to expose the installation directory to external parties via user interaction with a crafted page, enabling an information disclosure breach. Affected component: Synology SSL...

6.5 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 1 | Affected Software 1
Snyk
added 2026/04/04 6:17 a.m. | 1 views

Information Exposure

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the client.log.php endpoint, which serves operational log files without enforcing authentication. An attacker can obtain sensitive interna...

6.9 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits 1 | References 2
Snyk
added 2026/04/03 5:22 p.m. | 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization debug log endpoint in the API server. An attacker can access sensitive log data belonging to any entity across any model by compromising a workload machine under the controller. Remediation: A fix was pushed into...

6.9 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 2
CVE
added 2026/03/11 4:17 p.m. | 4 views

CVE-2026-20165

CVE-2026-20165 affects Splunk Enterprise and Splunk Cloud Platform where a low-privileged user (not admin/power role) could access sensitive information by inspecting the job search log due to improper access control in the MongoClient logging channel. Impact is limited to confidential and integr...

6.5 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/01/06 3:52 p.m. | 23 views

CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

7.5 CVSS | 0.00303 EPSS
Exploits 1 | References 6
EUVD
added 2025/12/31 12:31 a.m. | 1 views

EUVD-2022-55938

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...

7.5 CVSS | 5.9 AI score | 0.00387 EPSS
Exploits 2 | References 6
CVE
added 2025/12/30 10:41 p.m. | 8 views

CVE-2022-50788

The CVE-2022-50788 entry corresponds to an information disclosure in SOUND4 IMPACT/FIRST/PULSE/Eco

7.5 CVSS | 6 AI score | 0.00387 EPSS
Exploits 2 | References 5 | Affected Software 1
EUVD
added 2025/12/29 9:30 p.m. | 1 views

EUVD-2025-205634

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits 0 | References 5
Github Security Blog
added 2025/12/17 9:30 p.m. | 3 views

Mattermost Desktop App exposes sensitive information in its application logs

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs. A fix is available for...

3.3 CVSS | 6.8 AI score | 0.00017 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/12/17 9:30 p.m. | 0 views

GHSA-G6QX-WQ5W-WR8V Mattermost Desktop App exposes sensitive information in its application logs

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs. A fix is available for...

3.3 CVSS | 6.8 AI score | 0.00017 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/12/17 6:14 p.m. | 1 views

CVE-2025-13321 Mattermost Desktop App logging sensitive information and fails to clear data on server deletion

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs...

3.3 CVSS | 6.4 AI score | 0.00017 EPSS
Exploits 0 | References 1
Snyk
added 2025/12/03 4:28 p.m. | 2 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to logging as unsanitized plaintext. An attacker can gain unauthorized access to sensitive information and potentially escalate privileges by accessing unsanitized logs containing...

8.5 CVSS | 6.6 AI score | 0.00039 EPSS
Exploits 1 | References 2
GitLab Advisory Database
added 2025/10/20 12:0 a.m. | 5 views

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers

The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.log and console.debug, which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless bearer...

6.6 AI score
Exploits 0 | References 7 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0349

Malware in sbrugna...

7.5 CVSS | 7.4 AI score | 0.00638 EPSS
Exploits 1 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-1324

Malware in sbrugna...

5.5 CVSS | 5.6 AI score | 0.00226 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-10372

Malware in sbrugna...

5.3 CVSS | 5.5 AI score | 0.00297 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-50414

Malicious code in bioql PyPI...

4.3 CVSS | 4.9 AI score | 0.00055 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-15409

Malicious code in bioql PyPI...

4.7 CVSS | 4.8 AI score | 0.0006 EPSS
Exploits 0 | References 6