CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

CVE-2026-24308 Apache ZooKeeper: Sensitive information disclosure in client configuration handling

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

Contrast leaks workload secrets to logs on INFO level

This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...

CVE-2023-47390

Headscale through 0.22.3 writes bearer tokens to info-level logs...

Design/Logic Flaw

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3...

TP-Link TL-SG108E 'Switch Info' Certificate Disclosure Vulnerability

The TP-Link TL-SG108E is a Gigabit Ethernet switch. A security vulnerability exists in the TP-Link TL-SG108E. A remote attacker can exploit the vulnerability to read 'Switch Info' logs and retrieve certificates...

CVE-2017-8075

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware...