Skip to main content

CWE-779

Logging of Excessive Data

15 CVEs Avg CVSS 6.2 MITRE
1
CRITICAL
4
HIGH
10
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-20210 MEDIUM This Month

Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20209 MEDIUM This Month

Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-28718 HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69230 PyPI MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. [CVSS 5.3 MEDIUM]

Python Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8696 HIGH This Month

If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.0.0 through 2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-36072 CRITICAL Act Now

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-36416 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suitecrm
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-1141 PyPI MEDIUM PATCH This Month

A vulnerability was found in python-glance-store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Glance Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39874 MEDIUM This Month

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31004 HIGH POC This Week

CVEProject/cve-services is an open source project used to operate the CVE services API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cve Services
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 5.4
MEDIUM This Month

Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. [CVSS 5.3 MEDIUM]

Python Aiohttp Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.0.0 through 2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
EPSS 2% CVSS 7.5
HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suitecrm
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in python-glance-store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Glance Store
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

CVEProject/cve-services is an open source project used to operate the CVE services API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cve Services
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy