Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,358 vulnerabilities with CWE-522

CVE-2024-44815 MEDIUM

Hathway Skyworth Router CM5100 <4.1.1.24 - Info Disclosure

CVE-2024-40710 HIGH

Veeam Backup & Replication < 12.2.0.334 - Authenticated Remote Code Execution and Credential Extraction

CVE-2024-39278 MEDIUM

EchoStar Fusion < 2.7.0.10 - Unprotected Credential Storage in Flash Memory

CVE-2024-40704 MEDIUM

IBM InfoSphere Information Server 11.7 - Info Disclosure

CVE-2024-31800 MEDIUM

GC2 Indoor Security Camera 1080P - Privilege Escalation

CVE-2024-7813 MEDIUM

Prison Management System 1.0 - Insufficiently Protected Credentials in Profile Image Handler

CVE-2024-39818 HIGH

Zoom Rooms and Workplace < 6.0.0 - Authenticated Information Disclosure via Network Access

CVE-2024-36460 HIGH

Zabbix - Plaintext Password Disclosure in Front-End Audit Log

CVE-2024-6118 CRITICAL

Hamastar MeetingHub Paperless Meetings 2021 - Info Disclosure

CVE-2024-7389 HIGH

Forminator < 1.29.1 - Unauthenticated Sensitive Information Exposure via HubSpot API Key

CVE-2024-3082 MEDIUM

Proges Sensor Net Connect Firmware - Plaintext Password Storage

CVE-2024-6492 HIGH

Drevolutions Remote Desktop Manager <2024.2.14.0 - Info Disclosure

CVE-2024-39733 MEDIUM

IBM Datacap Navigator <9.1.10 - Info Disclosure

CVE-2024-38453 HIGH

Avalara for Salesforce <7.0 - Info Disclosure

CVE-2024-39879 MEDIUM

JetBrains TeamCity < 2024.03.3 - Insufficiently Protected Credentials in EC2 Cloud Profile Settings

CVE-2024-39878 MEDIUM

JetBrains TeamCity < 2024.03.3 - Private Key Exposure via GitHub App Connection Test

CVE-2024-38505 MEDIUM

JetBrains YouTrack <2024.2.34646 - Info Disclosure

CVE-2024-30119 LOW

HCL DRYiCE Optibot Reset Station - Info Disclosure

CVE-2024-38285 HIGH

Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) < 3.1.171.9 - Insufficiently Protected Credentials in Logs

CVE-2024-38282 HIGH

Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) < 3.1.171.9 - Unauthenticated Default Credential Exposure

CVE-2024-25052 MEDIUM

IBM Jazz Reporting Service 7.0.3 - Info Disclosure

CVE-2024-26330 MEDIUM

Kape CyberGhostVPN <8.4.3.12823 - Info Disclosure

CVE-2024-35208 MEDIUM

SINEC Traffic Analyzer < 1.2 - Insufficiently Protected Credentials

CVE-2024-37051 CRITICAL

JetBrains IDEs - GitHub Access Token Exposure

CVE-2024-5657 LOW

born05 Two-Factor Authentication 3.3.1-3.3.3 - Password Hash Disclosure via TOTP Submission

Previous Page 12 of 55 Next

Details

Vulnerabilities 1,358

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy