CWE-532
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (485)
Page 4 of 25

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35185 | | High | 0.49 | 7.5 | 0.00 | | Apr 6, 2026 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration… |
| CVE-2025-11504 | | High | 0.49 | 7.5 | 0.00 | | Oct 24, 2025 | The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key… |
| CVE-2025-31213 | | High | 0.49 | 7.6 | 0.01 | | May 12, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain. |
| CVE-2025-24169 | | High | 0.49 | 7.5 | 0.01 | | Jan 27, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macOS Sequoia 15.3. A malicious app may be able to bypass browser extension authentication. |
| CVE-2024-8609 | | High | 0.49 | 7.5 | 0.00 | | Sep 27, 2024 | Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0. |
| CVE-2024-34559 | | High | 0.49 | 7.5 | 0.01 | | May 14, 2024 | Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0. |
| CVE-2024-34527 | | High | 0.49 | 7.5 | 0.01 | | May 6, 2024 | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. |
| CVE-2024-33637 | | High | 0.49 | 7.5 | 0.01 | | Apr 29, 2024 | Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate. This issue affects Solid Affiliate: from n/a through 1.9.1. |
| CVE-2024-32953 | | High | 0.49 | 7.5 | 0.01 | | Apr 24, 2024 | Insertion of Sensitive Information into Log File vulnerability in Newsletters. This issue affects Newsletters: from n/a through 4.9.5. |
| CVE-2024-31259 | | High | 0.49 | 7.5 | 0.01 | | Apr 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. |
| CVE-2023-44989 | | High | 0.49 | 7.5 | 0.01 | | Mar 26, 2024 | Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5. |
| CVE-2023-52143 | | High | 0.49 | 7.5 | 0.01 | | Jan 5, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. |
| CVE-2018-3828 | | High | 0.49 | 7.5 | 0.01 | | Sep 19, 2018 | Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An… |
| CVE-2018-7683 | | High | 0.49 | 7.5 | 0.01 | | Jun 21, 2018 | Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. |
| CVE-2016-10526 | — | High | 0.49 | 8.6 | 0.02 | | May 31, 2018 | A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this… |
| CVE-2018-7433 | | High | 0.49 | 7.5 | 0.01 | | Mar 2, 2018 | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. |
| CVE-2017-15572 | | High | 0.49 | 7.5 | 0.02 | | Oct 18, 2017 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. |
| CVE-2016-9344 | | High | 0.49 | 7.5 | 0.02 | | Feb 13, 2017 | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. |
| CVE-2016-8346 | | High | 0.49 | 7.5 | 0.02 | | Feb 13, 2017 | An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). |
| CVE-2015-8977 | | High | 0.49 | 7.5 | 0.02 | | Jan 31, 2017 | MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. |