48 matches found
GHSA-PFM2-2MHG-8WPX n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...
PT-2025-50108
Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0 through 7.4.3 FortiProxy versions 7.2.0 through 7.4.3 FortiPAM versions 1.0 through 1.4 FortiSRA version 1.4 Description A flaw exists where sensitive information can be written to log files. Specifically, a read-only...
EUVD-2018-0033
Malware in sbrugna...
Security Bulletin: IBM Transformation Extender Advanced stores potentially sensitive information in log files that could be read by a local user.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, stores potentially sensitive information in log files that could be read by a local user. Vulnerability Details CVEID:CVE-2023-50301 DESCRIPTION: IBM Standards Processing Engine stores potentially sensiti...
"region PAY" App for Android vulnerable to insertion of sensitive information into log file
Overview "region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-52580 Kubo Naoki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
CVE-2025-2002
CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device...
CVE-2025-2002
CVE-2025-2002 affects Schneider Electric EcoStruxure Panel Server. The issue is a CWE-532-style insertion of sensitive information into log files that can lead to disclosure of FTP server credentials when the FTP server is deployed and an administrator places the device in debug mode, exporting d...
Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)
Summary IBM Sterling Global High Availability Mailbox is affected by a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Vulnerability Details CVEID:CVE-2023-44483...
Security Bulletin: IBM B2B Sterling integrator is affected by Apache Santuario vulnerability to information disclosure
Summary IBM B2B Sterling integrator is vulnerable to information disclosure due to Apache Santuario Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the lo...
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...
GHSA-HCMV-JMQH-FJGM ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...
CVE-2024-5557
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs...
CVE-2024-5557
CVE-2024-5557 describes a CWE-532 log message disclosure in Schneider Electric SpaceLogic AS-P/AS-B where SNMP credentials can be exposed if an attacker has access to controller logs. The core issue is insertion of sensitive information into log files. Affected products are Schneider Electric Spa...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
CVE-2023-45585
FortiSIEM contains a log file vulnerability (CWE-532) affecting multiple versions (7.0.0; 6.7.6 and below; 6.6.3 and below; 6.5.1 and below; 6.4.2 and below; 6.3.3 and below; 6.2.1 and below; 6.1.2 and below; 5.4.0; 5.3.3 and below) where an authenticated user could view an encrypted ElasticSearc...