VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 4 of 25
  • CVE-2026-35185 | High | Apr 6, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration…

  • CVE-2025-11504 | High | Oct 24, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key…

  • CVE-2025-31213 | High | May 12, 2025
    risk 0.49 | cvss 7.6 | epss 0.01

    A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.

  • CVE-2025-24169 | High | Jan 27, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macOS Sequoia 15.3. A malicious app may be able to bypass browser extension authentication.

  • CVE-2024-8609 | High | Sep 27, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.

  • CVE-2024-34559 | High | May 14, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0.

  • CVE-2024-34527 | High | May 6, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged.

  • CVE-2024-33637 | High | Apr 29, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate. This issue affects Solid Affiliate: from n/a through 1.9.1.

  • CVE-2024-32953 | High | Apr 24, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Newsletters. This issue affects Newsletters: from n/a through 4.9.5.

  • CVE-2024-31259 | High | Apr 10, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5.

  • CVE-2023-44989 | High | Mar 26, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.

  • CVE-2023-52143 | High | Jan 5, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.

  • CVE-2018-3828 | High | Sep 19, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An…

  • CVE-2018-7683 | High | Jun 21, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

  • CVE-2016-10526 | High | May 31, 2018
    risk 0.49 | cvss 8.6 | epss 0.02

    A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this…

  • CVE-2018-7433 | High | Mar 2, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.

  • CVE-2017-15572 | High | Oct 18, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.

  • CVE-2016-9344 | High | Feb 13, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.

  • CVE-2016-8346 | High | Feb 13, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).

  • CVE-2015-8977 | High | Jan 31, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.