| CVE-2025-46313 |
2026-06-11 |
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. |
| CVE-2026-0267 |
2026-06-10 |
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the Glob… |
| CVE-2026-9751 |
2026-06-09 |
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. |
| CVE-2026-9735 |
2026-06-09 |
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication paramet… |
| CVE-2026-45581 |
2026-06-08 |
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode w… |
| CVE-2026-50205 |
2026-06-04 |
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. |
| CVE-2026-45679 |
2026-06-02 |
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis… |
| CVE-2026-40619 |
2026-06-02 |
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin… |
| CVE-2026-49200 |
2026-05-29 |
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized sy… |
| CVE-2026-45040 |
2026-05-28 |
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensiti… |
| CVE-2026-6720 |
2026-05-28 |
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embed… |
| CVE-2026-41185 |
2026-05-28 |
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, th… |
| CVE-2026-41184 |
2026-05-28 |
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico de… |
| CVE-2026-32996 |
2026-05-28 |
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation. |
| CVE-2026-5515 |
2026-05-27 |
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2026-2607 |
2026-05-27 |
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ… |
| CVE-2025-13755 |
2026-05-26 |
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local u… |
| CVE-2026-25193 |
2026-05-25 |
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.
Mitigating Factor: Only sites that install Com… |
| CVE-2026-8671 |
2026-05-22 |
Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure.
This issue affects Avantra: before 25.3.0. |
| CVE-2026-44052 |
2026-05-21 |
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. |