VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 8 of 25
  • CVE-2025-24651 | Med | Apr 17, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through <= 1.5.3.

  • CVE-2017-2592 | Med | May 8, 2018
    risk 0.38 | cvss 5.9 | epss 0.00

    python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from…

  • CVE-2017-6139 | Med | Dec 21, 2017
    risk 0.38 | cvss 5.9 | epss 0.02

    In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

  • CVE-2017-0380 | Med | Sep 18, 2017
    risk 0.38 | cvss 5.9 | epss 0.02

    The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by…

  • CVE-2025-46313 | Med | Jun 11, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

  • CVE-2026-9751 | Med | Jun 9, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

  • CVE-2026-9735 | Med | Jun 9, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

  • CVE-2026-5515 | Med | May 27, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2025-13755 | Med | May 26, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2026-44479 | Med | May 13, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested…

  • CVE-2026-32218 | Med | Apr 14, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

  • CVE-2026-32217 | Med | Apr 14, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

  • CVE-2026-32215 | Med | Apr 14, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

  • CVE-2026-27315 | Med | Apr 7, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade to version 4.0.20, which fixes this…

  • CVE-2025-68919 | Med | Dec 24, 2025
    risk 0.36 | cvss 5.6 | epss 0.00

    Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality,…

  • CVE-2025-43426 | Med | Nov 4, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data.

  • CVE-2025-43354 | Med | Sep 15, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.

  • CVE-2025-43303 | Med | Sep 15, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.

  • CVE-2025-23261 | Med | Sep 4, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.

  • CVE-2025-23289 | Med | Jul 31, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure.