294 matches found
Sensitive Information Exposure
com.ritense.valtimo, web is vulnerable to sensitive information exposure. The vulnerability is due to the LoggingRestClientCustomizer automatically logging full HTTP request and response details, including headers and bodies, in error messages, which allows an attacker to access sensitive...
IoTGateway Cross-Site Scripting Vulnerability
IoTGateway is a cross-platform industrial IoT gateway developed by Sam’s individual developer. It supports device connectivity and bidirectional data communication. Version 3.0.1 of IoTGateway contains a cross-site scripting vulnerability. This vulnerability stems from the logging function, which...
Oxia exposes bearer token in debug log messages on authentication failure
Summary: When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact: An attacker with access to application logs e.g., via a...
CVE-2026-0207
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions...
CVE-2026-0207 Sensitive Information Logging Vulnerability in FlashBlade
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions...
CVE-2026-0207
Technical details such as affected FlashBlade versions, root cause, exploit methods, and remediation are not publicly available in the provided documents. Monitor for updates from official sources.
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process when verbose logging is enabled and per-node BGP peer passwords are configured via node annotations. An attacker can obtain sensitive credential information by...
Unspecified Vulnerability in Apple macOS (CNVD-2026-19034)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that stems from a logging issue that can be exploited by an attacker to cause an application to access sensitive user data...
CVE-2019-25629
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
EUVD-2019-19998
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629 AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...
CVE-2019-25629
AIDA64 Extreme 5.99.4900 is affected by a structured exception handler (SEH) buffer overflow in the logging functionality. The vulnerability allows local code execution by supplying a malicious CSV log file path; an attacker can inject shellcode via the Hardware Monitoring logging preferences, tr...
EUVD-2019-19952
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25590
CVE-2019-25590: Axessh 4.2 suffers a denial-of-service flaw in the logging configuration. A local attacker can crash the application by supplying an excessively long string in the log file name field when session logging is enabled; the crash is triggered during a Telnet session establishment af...
Insertion of Sensitive Information into Log File
Overview: jimeng-web-mcp is an MCP server project that directly accesses the Jimeng AI web client for image and video generation (for learning and research use only). Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can access sensitive information by reviewing improperly sanitized log files. Remediation...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but...
OpenClaw Security Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by openclaw. OpenClaw suffers from a security vulnerability that stems from logging that does not redact Telegram bot tokens, which can be exploited by an attacker to cause token disclosure...
IBM MQ Security Vulnerability
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable, proven messaging backbone for Service Oriented Architecture (SOA). IBM-supplied MQ Advanced container images are standard container images officially provided by IBM,...
CVE-2025-12773
A vulnerability in the update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of the SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...