| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later, which fixes this issue |
| Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. |
| Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. |
|
Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.
|
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com/docs/splunk), in plain text. |
| Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS. |
| Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the RSA `accessKey` value from the [<u>Authentication.conf</u> ](https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/10.2/configuration-file-reference/10.2.0-configuration-file-reference/authentication.conf)file, in plain text. |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured. |
| In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction. |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46. |
| AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. |
| Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. |
| Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. |
| Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. |
