31 matches found

ATTACKERKB
added 2026/05/27 6:24 p.m. · 4 views

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVSS 5.5 · AI score 5.9 · EPSS 0.00014
Exploits 0 · References 2 · Affected Software 1

NVD
added 2026/05/22 2:16 p.m. · 4 views

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVSS 7.5 · EPSS 0.00032
Exploits 0 · References 1

Snyk
added 2026/05/14 7:16 p.m. · 3 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the LoggingRestClientCustomizer method. An attacker can access sensitive information by triggering HTTP requests that result in error responses, causing the full request body, response...

CVSS 7.6 · AI score 5.8 · EPSS 0.00037
Exploits 0 · References 2

Vulnrichment
added 2026/04/14 3:24 p.m. · 1 view

CVE-2026-2401

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...

CVSS 2.4 · AI score 5.8 · EPSS 0.00015
Exploits 0 · References 1

CVE
added 2026/04/14 3:24 p.m. · 3 views

CVE-2026-2401

Technical details for CVE-2026-2401 are not publicly available in the provided documents; monitor for updates.

CVSS 5 · AI score 5.8 · EPSS 0.00015
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2026/03/09 12:00 a.m. · 24 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

EPSS 0.00042
Exploits 0 · References 3

EUVD
added 2026/01/13 8:30 p.m. · 3 views

EUVD-2026-1996

hermes's raw options logging may disclose secrets passed in via subcommand options argument...

CVSS 5.9 · AI score 6.3 · EPSS 0.00007
Exploits 0 · References 4

RedhatCVE
added 2025/12/17 4:04 p.m. · 2 views

CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVSS 8.1 · AI score 6.7 · EPSS 0.0004
Exploits 0 · References 1

OSV
added 2025/12/04 6:15 p.m. · 1 view

CVE-2025-9127

A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions...

CVSS 5.5 · AI score 5.7
Exploits 0 · References 1

Positive Technologies
added 2025/12/04 12:00 a.m. · 2 views

PT-2025-49111

Name of the Vulnerable Software and Affected Versions: PX Enterprise (affected versions not specified). Description: A flaw exists in PX Enterprise that could lead to the logging of sensitive information under certain circumstances. Approximately 10,000 devices worldwide may be affected. There are no...

CVSS 8.4 · AI score 5.3 · EPSS 0.00017
Exploits 0 · References 5

Cvelist
added 2025/10/27 12:56 p.m. · 12 views

CVE-2025-11248 Sensitive Information Logged

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

CVSS 3.2 · EPSS 0.00362
Exploits 0 · References 1

CNVD
added 2025/10/21 12:00 a.m. · 3 views

IBM Transformation Extender Advanced Log Message Disclosure Vulnerability

IBM Transformation Extender Advanced is a data transformation, validation and standardization software tool from International Business Machines (IBM). IBM Transformation Extender Advanced suffers from a log information disclosure vulnerability that originates from storing sensitive information in ...

CVSS 4.4 · AI score 6.1 · EPSS 0.00009
Exploits 0 · References 1

EUVD
added 2025/10/20 5:55 p.m. · 1 view

EUVD-2025-35091

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers...

AI score 6.4
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2021-13797

Malware in sbrugna...

CVSS 4.4 · AI score 5 · EPSS 0.00058
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-0003

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 7.3 · EPSS 0.0006
Exploits 0 · References 14

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-30045

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00322
Exploits 0 · References 2

RedhatCVE
added 2025/07/16 11:44 p.m. · 3 views

CVE-2025-53886

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

CVSS 4.5 · AI score 7.8 · EPSS 0.0031
Exploits 0 · References 1

CVE
added 2025/07/14 11:18 p.m. · 21 views

CVE-2025-53885

Directus Flows logs can disclose sensitive user data via the Log to Console operation. Affected: Directus real-time API/dashboard prior to 11.9.0 (versions 9.0.0–11.8.x). Root cause: logging unfettered input during user create/update events, enabling a malicious admin to view other users’ data. I...

CVSS 4.2 · AI score 7 · EPSS 0.00109
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2025/07/14 12:00 a.m. · 1 view

PT-2025-29527 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. When using Directus Flows with the WebHook trigger, all incoming request details, including security-sensitiv...

CVSS 4.5 · AI score 6.9 · EPSS 0.0031
Exploits 0 · References 13

RedhatCVE
added 2025/05/22 10:32 p.m. · 3 views

CVE-2022-25374

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1...

CVSS 7.5 · AI score 6.8 · EPSS 0.00322
Exploits 0 · References 1