CWE-532 · Insertion of Sensitive Information into Log File

1148 CVEs classified under CWE-532 (Insertion of Sensitive Information into Log File). Browse by severity and year.

Top CVEs for CWE-532
CVESeverityScorePublishedSummary
CVE-2016-0898Critical10.02018-03-29MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component l…
CVE-2022-36407Critical9.92024-03-25Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual St…
CVE-2023-40029Critical9.92023-09-07Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a resul…
CVE-2021-32724Critical9.92021-09-09check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.c…
CVE-2026-49200Critical9.82026-05-29The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for we…
CVE-2026-43992Critical9.82026-05-12JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract…
CVE-2026-22778Critical9.82026-02-02vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpo…
CVE-2025-11008Critical9.82025-11-04The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it…
CVE-2024-52009Critical9.82024-11-08Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `gh…
CVE-2024-34706Critical9.82024-05-14Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api…
CVE-2021-37760Critical9.82021-07-31A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37759Critical9.82021-07-31A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2019-17395Critical9.82019-10-15In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via…
CVE-2019-17398Critical9.82019-10-15In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication…
CVE-2019-17396Critical9.82019-10-15In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attacke…
CVE-2019-17394Critical9.82019-10-15In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to a…
CVE-2019-17355Critical9.82019-10-15In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via log…
CVE-2019-17397Critical9.82019-10-15In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attacker…
CVE-2019-10212Critical9.82019-10-02A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the…
CVE-2019-15294Critical9.82019-08-28An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor manageme…