Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,358 vulnerabilities with CWE-522

CVE-2026-6517 MEDIUM

Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

CVE-2026-49949 MEDIUM

CodexBar < 0.33.0 Credential Leakage via HTTP Redirect

CVE-2026-41715 MEDIUM

Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect

CVE-2026-39908 MEDIUM

OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

CVE-2026-46440 CRITICAL

Flowise: Basic Auth Credentials Exposed via API

CVE-2026-46511 HIGH

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

CVE-2026-7313 HIGH

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CVE-2026-7312 CRITICAL

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CVE-2026-4387 LOW

Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

CVE-2026-49379 MEDIUM

Jetbrains TeamCity < 2026.1 - Insufficiently Protected Credentials

CVE-2026-42951 MEDIUM

MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials

CVE-2026-2255 MEDIUM

Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

CVE-2026-9395 LOW

Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials

CVE-2026-39968 HIGH

TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint

CVE-2026-0393 MEDIUM

CODESYS Visualization - Insufficiently Protected Credentials

CVE-2026-6345 MEDIUM

Prevent password disclosure and force reset during Slack import

CVE-2026-6253 MEDIUM

curl - Credential Leakage via Proxy Redirect Handling

CVE-2026-43992 CRITICAL

JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter

CVE-2026-8368 MEDIUM

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

CVE-2026-45091 CRITICAL

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

CVE-2026-28961 MEDIUM

macOS < 26.5 - Unprotected User Data Exposure via Physical Access

CVE-2026-42869 CRITICAL

SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools

CVE-2026-42295 MEDIUM

Argo Workflows: Exposure of artifact repository credentials

CVE-2026-41506 MEDIUM

go-git Credential leak via cross-host redirect in smart HTTP transport

CVE-2026-23927 MEDIUM

Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

Page 1 of 55 Next

Details

Vulnerabilities 1,358

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy