CWE-532 · Insertion of Sensitive Information into Log File
1148 CVEs classified under CWE-532 (Insertion of Sensitive Information into Log File). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-0898 | Critical | 10.0 | 2018-03-29 | MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component l… |
| CVE-2022-36407 | Critical | 9.9 | 2024-03-25 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual St… |
| CVE-2023-40029 | Critical | 9.9 | 2023-09-07 | Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a resul… |
| CVE-2021-32724 | Critical | 9.9 | 2021-09-09 | check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.c… |
| CVE-2026-49200 | Critical | 9.8 | 2026-05-29 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for we… |
| CVE-2026-43992 | Critical | 9.8 | 2026-05-12 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract… |
| CVE-2026-22778 | Critical | 9.8 | 2026-02-02 | vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpo… |
| CVE-2025-11008 | Critical | 9.8 | 2025-11-04 | The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it… |
| CVE-2024-52009 | Critical | 9.8 | 2024-11-08 | Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `gh… |
| CVE-2024-34706 | Critical | 9.8 | 2024-05-14 | Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api… |
| CVE-2021-37760 | Critical | 9.8 | 2021-07-31 | A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). |
| CVE-2021-37759 | Critical | 9.8 | 2021-07-31 | A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). |
| CVE-2019-17395 | Critical | 9.8 | 2019-10-15 | In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via… |
| CVE-2019-17398 | Critical | 9.8 | 2019-10-15 | In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication… |
| CVE-2019-17396 | Critical | 9.8 | 2019-10-15 | In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attacke… |
| CVE-2019-17394 | Critical | 9.8 | 2019-10-15 | In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to a… |
| CVE-2019-17355 | Critical | 9.8 | 2019-10-15 | In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via log… |
| CVE-2019-17397 | Critical | 9.8 | 2019-10-15 | In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attacker… |
| CVE-2019-10212 | Critical | 9.8 | 2019-10-02 | A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the… |
| CVE-2019-15294 | Critical | 9.8 | 2019-08-28 | An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor manageme… |