13 matches found
CVE-2026-44516
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
CVE-2025-13321 Mattermost Desktop App logging sensitive information and fails to clear data on server deletion
Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs...
EUVD-2025-25387
Malicious code in bioql PyPI...
EUVD-2025-21396
Malicious code in bioql PyPI...
CVE-2025-20345
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...
GHSA-36WV-V2QP-V4G4 Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...
PT-2025-29526 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. When using Directus Flows to handle CRUD events for users, the "Log to Console" operation with a template...
SUSE-SU-2025:20363-1 Security update for skopeo
This update for skopeo fixes the following issues: - CVE-2024-6104: url might write sensitive information to log file bsc1227056. - CVE-2023-45288: close connections when receiving too many headers bsc1236483. - CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service bsc1237613...
Snowflake ODBC Driver security vulnerability
Snowflake ODBC Driver is a powerful tool from Snowflake to connect to a live Snowflake data warehouse directly from any application that supports ODBC connectivity. A security vulnerability exists in Snowflake ODBC Driver versions prior to 3.7.0, which stems from logging sensitive information and...
Information Disclosure
github.com/microsoft/terraform-provider-power-platform is vulnerable to Information Disclosure. The vulnerability is due to improper handling of sensitive data in the logging mechanism, where the clientsecret is not properly masked. This allows an attacker to impersonate the service principal and...
Beats and Elastic Agent 8.11.3 / 7.17.16 Security Update (ESA-2023-30)
Beats and Elastic Agent Insertion of Sensitive Information into Log File An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or...
PT-2023-14979 · Intel · Intel Unison
Name of the Vulnerable Software and Affected Versions: Intel Unison affected versions not specified Description: The issue concerns the insertion of sensitive information into a log file, potentially allowing an authenticated user to enable information disclosure via local access. Recommendations...
GHSA-J5G3-5C8R-7QFX Prevent logging invalid header values
Impact: What kind of vulnerability is it? Apollo Server can log sensitive information (Studio API keys) if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Who is impacted? Users who all of the below: use either t...