CWE-532: Insertion of Sensitive Information into Log File — known CVE vulnerabilities
CVEs classified under CWE-532 (Insertion of Sensitive Information into Log File), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-36407 — CVSS 9.9 (critical): Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform…
CVE-2023-40029 — CVSS 9.9 (critical): Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD /…
CVE-2021-32724 — CVSS 9.9 (critical): check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling…
CVE-2026-49200 — CVSS 9.8 (critical): The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login…
CVE-2026-22778 — CVSS 9.8 (critical): vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to…
CVE-2025-11008 — CVSS 9.8 (critical): The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log…
CVE-2024-52009 — CVSS 9.8 (critical): Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub…
CVE-2024-34706 — CVSS 9.8 (critical): Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user…
CVE-2021-37760 — CVSS 9.8 (critical): A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked…
CVE-2021-37759 — CVSS 9.8 (critical): A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked…
CVE-2019-17395 — CVSS 9.8 (critical): In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be…
CVE-2019-17398 — CVSS 9.8 (critical): In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log…
CVE-2019-17396 — CVSS 9.8 (critical): In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be…
CVE-2019-17394 — CVSS 9.8 (critical): In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and…
CVE-2019-17355 — CVSS 9.8 (critical): In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available…
CVE-2019-17397 — CVSS 9.8 (critical): In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be…
CVE-2019-10212 — CVSS 9.8 (critical): A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this…
CVE-2019-15294 — CVSS 9.8 (critical): An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and…
CVE-2019-3888 — CVSS 9.8 (critical): A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because…
CVE-2019-7612 — CVSS 9.8 (critical): A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is…
CVE-2019-4008 — CVSS 9.8 (critical): API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being…
CVE-2018-17922 — CVSS 9.8 (critical): Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is…
CVE-2018-16049 — CVSS 9.8 (critical): An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is…
CVE-2018-11717 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent…
CVE-2018-11716 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a…
CVE-2018-0042 — CVSS 9.8 (critical): Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.
CVE-2018-11320 — CVSS 9.8 (critical): In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in…
CVE-2018-1000123 — CVSS 9.8 (critical): Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure…
CVE-2018-1000060 — CVSS 9.8 (critical): Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in…
CVE-2017-7550 — CVSS 9.8 (critical): A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module…
CVE-2017-15366 — CVSS 9.8 (critical): Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This…
CVE-2017-6165 — CVSS 9.8 (critical): In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through…
CVE-2017-9615 — CVSS 9.8 (critical): Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because…
CVE-2017-4955 — CVSS 9.8 (critical): An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior…
CVE-2017-8075 — CVSS 9.8 (critical): On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext…
CVE-2017-8074 — CVSS 9.8 (critical): On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in…
CVE-2017-7214 — CVSS 9.8 (critical): An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy…
CVE-2016-8233 — CVSS 9.8 (critical): Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear…
CVE-2023-50253 — CVSS 9.6 (critical): Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the…
CVE-2024-48852 — CVSS 9.4 (critical): Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through…
CVE-2025-54120: PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login…
CVE-2025-22275 — CVSS 9.3 (critical): iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by…
CVE-2024-6060: An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP…
CVE-2025-6391 — CVSS 9.1 (critical): Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted…
CVE-2023-36649 — CVSS 9.1 (critical): Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to…
CVE-2023-31056 — CVSS 9.1 (critical): CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not…
CVE-2018-1264 — CVSS 9.1 (critical): Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker…
CVE-2023-31422 — CVSS 9.0 (critical): An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts…
CVE-2023-32478 — CVSS 9.0 (critical): Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged…