Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,358 vulnerabilities with CWE-522

CVE-2026-1966 LOW

YugabyteDB Anywhere - Info Disclosure

CVE-2026-24845 MEDIUM

malcontent 0.10.0-1.20.2 - Unauthenticated Docker Registry Credential Exposure via WWW-Authenticate Header

CVE-2026-23958 CRITICAL

Dataease <2.10.19 - Info Disclosure

CVE-2026-21852 HIGH

Claude Code < 2.0.65 - Unauthenticated API Key Exfiltration via Malicious Repository Settings

CVE-2026-1223 MEDIUM

PrismX MX100 AP - Privilege Escalation

CVE-2026-23742 HIGH

Skipper < 0.23.0 - Unauthenticated Information Disclosure via Lua Filter Script Injection

CVE-2026-22911 MEDIUM

SICK TDC-X401GL Firmware - Insufficiently Protected Credentials via Firmware Update Files

CVE-2026-22240 HIGH

BLUVOYIX - Unauthenticated Exposure of Sensitive Information via Users API

CVE-2026-22043 CRITICAL

RustFS 1.0.0-alpha.13-1.0.0-alpha.78 - Privilege Escalation via Flawed IAM deny_only Short-Circuit

CVE-2025-13477 HIGH

OTP Bypass in Digital Operation Services' WifiBurada

CVE-2025-62312 LOW

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication

CVE-2025-31976 MEDIUM

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials

CVE-2025-62345 LOW

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability

CVE-2025-36568 HIGH

Dell PowerProtect Data Domain BoostFS - Info Disclosure

CVE-2025-15622 MEDIUM

Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret

CVE-2025-15621 MEDIUM

Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

CVE-2025-15617 MEDIUM

Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

CVE-2025-13478 HIGH

Cache Misconfiguration Leading to Cross-User Data Exposure

CVE-2025-36440 MEDIUM

IBM Concert 1.0.0-2.2.0 - Missing Function-Level Access Control

CVE-2025-14790 MEDIUM

IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information

CVE-2025-64998 HIGH

Session hijacking via exposed session signing secret in distributed Checkmk setups

CVE-2025-67860 LOW

NeuVector Scanner - Info Disclosure

CVE-2025-52623 LOW

HCL AION 2.0 - Insufficiently Protected Credentials via Password Field Autocomplete

CVE-2025-9521 MEDIUM

Omada Controllers - Privilege Escalation

CVE-2025-65098 HIGH

typebot < 3.13.2 - Unauthenticated Credential Theft via Malicious Typebot Preview

Previous Page 4 of 55 Next

Details

Vulnerabilities 1,358

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy