Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,323 vulnerabilities with CWE-522

CVE-2026-35155 HIGH

Dell iDRAC10 <1.30.10.50 - Privilege Escalation

CVE-2026-7038 LOW

tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials

CVE-2026-39462 HIGH

SenseLive X3050 Insufficiently Protected Credentials

CVE-2026-41345 MEDIUM

OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download

CVE-2026-41266 HIGH

Flowise: Sensitive Data Leak in public-chatbotConfig

CVE-2026-6408 LOW

Tanium addressed an information disclosure vulnerability in Tanium Server.

CVE-2026-40173 CRITICAL

Dgraph: Unauthenticated pprof endpoint leaks admin auth token

CVE-2026-32171 HIGH

Azure Logic Apps Elevation of Privilege Vulnerability

CVE-2026-27316 LOW

Fortinet FortiSandbox <5.0.5 - Info Disclosure

CVE-2026-34262 MEDIUM

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

CVE-2026-35185 HIGH

HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses

CVE-2026-35467 HIGH

Private Key stored as extractable in browser IndexeDB

CVE-2026-4819 MEDIUM

Search Guard audit logs can contain under certain conditions user credentials

CVE-2026-29872 HIGH

awesome-llm-apps e46690f - Info Disclosure

CVE-2026-33575 HIGH

OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes

CVE-2026-33182 HIGH

Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

CVE-2026-32913 CRITICAL

OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects

CVE-2026-31926 MEDIUM

IGL-Technologies eParking.fi Insufficiently Protected Credentials

CVE-2026-28204 MEDIUM

CTEK Chargeportal Insufficiently Protected Credentials

CVE-2026-23658 HIGH

Azure DevOps: msazure Elevation of Privilege Vulnerability

CVE-2026-32634 HIGH

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

CVE-2026-32633 CRITICAL

Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

CVE-2026-32606 HIGH

IncusOS has a LUKS encryption bypass due to insufficient TPM policy

CVE-2026-21670 HIGH

Product - Info Disclosure

CVE-2026-3783 MEDIUM

curl - OAuth Token Leak

Page 1 of 53 Next

Details

Vulnerabilities 1,323

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy