
19 matches found

Vulnrichment
added 2026/04/13 2:20 p.m. | 1 view

CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

5.8 AI score | 0.00119 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-32621

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00215 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 9 views

EUVD-2025-18689

Malicious code in bioql PyPI...

6.7 CVSS | 6.3 AI score | 0.00062 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 1:5 a.m. | 3 views

CVE-2022-28167

Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log...

6.5 CVSS | 7.1 AI score | 0.00215 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:13 p.m. | 8 views

CVE-2021-22115

Cloud Controller API versions prior to 1.106.0 log service broker credentials if the default value of the db logging config field is changed. The CAPI database logs the service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...

6.5 CVSS | 7 AI score | 0.00215 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:34 p.m. | 7 views

CVE-2021-32767

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...

6.5 CVSS | 6.9 AI score | 0.00327 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/24 9:39 p.m. | 14 views

CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...

4.6 CVSS | 7 AI score | 0.00036 EPSS
Exploits: 0 | References: 3
OSV
added 2024/10/24 7:7 p.m. | 7 views

GHSA-C479-WQ8G-57HR Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Impact: When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones officially documented for use with Pterodactyl will log query...

4.6 CVSS | 4.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2024/10/24 7:7 p.m. | 16 views

Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Impact: When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones officially documented for use with Pterodactyl will log query...

4.6 CVSS | 6.9 AI score | 0.00036 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/03/06 11:10 a.m. | 11 views

BIT-TYPO3-2021-32767

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...

6.5 CVSS | 6.3 AI score | 0.00327 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2021/07/22 3:9 p.m. | 2 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5 CVSS | 6.9 AI score | 0.00072 EPSS
Exploits: 0 | References: 4
Cvelist
added 2021/07/20 4:0 p.m. | 13 views

CVE-2021-32767 Information Disclosure in User Authentication

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...

5.3 CVSS | 6.7 AI score | 0.00327 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2021/07/20 12:0 a.m. | 2 views

PT-2021-19916 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.27; TYPO3 versions 10.0.0 through 10.4.17; TYPO3 versions 11.0.0 through 11.3.0. Description: The issue concerns the logging of user credentials in plain-text when the log level is set to debug, which is not the...

6.5 CVSS | 6.3 AI score | 0.00327 EPSS
Exploits: 0 | References: 14
Tenable Nessus
added 2020/07/08 12:0 a.m. | 24 views

Arista Networks CloudVision Portal Password Exposure (SA0045)

The version of Arista Networks CloudVision Portal running on the remote device is affected by an information disclosure vulnerability. Under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. Note that Nessus...

4.9 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits: 0 | References: 2
CVE
added 2019/12/19 4:39 p.m. | 62 views

CVE-2019-18615

CVE-2019-18615 applies to Arista’s CloudVision Portal (CVP) 2018.2 train. Under certain conditions, CVP logs user passwords in plain text for specific API calls: (1) devices have enable passwords different from the user login password, or (2) configlet builders use the Device class and specify us...

4.9 CVSS | 5.1 AI score | 0.00101 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Node.js
added 2019/04/19 9:51 p.m. | 12 views

Sensitive Data Exposure

Overview: Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL does not properly sanitize the config.password value which may cause passwords with special characters to be logged in plain text. Recommendation: Upgrade to version 5.5.0 or later...

6.8 AI score
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2014/09/23 8:19 p.m. | 4 views

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

1.9 CVSS | 5.7 AI score | 0.00061 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2014/07/21 6:35 p.m. | 7 views

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.2 update

Red Hat JBoss Operations Network 3.2.2, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...

7.5 CVSS | 7.1 AI score | 0.04075 EPSS
Exploits: 1 | References: 7
RedHat Linux
added 2014/02/24 5:46 p.m. | 4 views

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

1.9 CVSS | 5.7 AI score | 0.00061 EPSS
Exploits: 1 | References: 4