EUVD-2026-40137

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

CVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

EUVD-2026-40091

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

CVE-2026-9073 Foreman-mcp-server: mcp server: insecure sensitive http header sanitization

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

CVE-2026-9073

Foreman-mcp-server (MCP server) contains a log-related vulnerability that can leak sensitive credentials via log files. Two separate logging paths are involved: (1) session identifiers are logged at informational level and treated as authentication credentials, and (2) debug logging partially san...

Linux Distros Unpatched Vulnerability : CVE-2026-9751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. CVE-2026-975...

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

CVE-2026-45581

CVE-2026-45581 affects fabric-chaincode-java (Hyperledger Fabric chaincode runtime). In versions 2.3.1 through 2.5.09, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server’s INFO logs include the TLS private key password in plaintext, enabling an attacker with log a...

CVE-2026-33558

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

CVE-2026-33448

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

CVE-2026-40908

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

CVE-2026-45426 Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

CVE-2026-44883

Summary: Portainer Community Edition versions 2.33.0–2.33.7.x, 2.39.0–2.39.1.x, and 2.40.x prior to 2.41.0 expose JWTs via the ?token= URL query parameter on any authenticated API endpoint, in addition to the Authorization header. Root cause: The authentication middleware accepted the token from ...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the stderr output when verbose logging is enabled. An attacker can obtain sensitive cluster credentials by accessing the stderr stream, which may be exposed through CI job logs,...

CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...