Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,358 vulnerabilities with CWE-522

CVE-2025-58742 MEDIUM

Milner ImageDirector Capture <7.6.3.25808 - SSRF

CVE-2025-58741 HIGH

Milner ImageDirector Capture <7.6.3.25808 - Info Disclosure

CVE-2025-69271 HIGH

Broadcom DX NetOps Spectrum < 25.4.1 - Insufficiently Protected Credentials

CVE-2025-62327 MEDIUM

HCL DevOps Deploy 8.1.2.0-8.1.2.3 - Authenticated Credential Exposure via LLM Configuration

CVE-2025-67732 MEDIUM

dify < 1.11.0 - Unauthenticated API Key Exposure via Frontend

CVE-2025-64420 CRITICAL

Coolify <= 4.0.0-beta.434 - Insufficiently Protected Credentials

CVE-2025-64122 MEDIUM

Nuvation Energy MSC <2.5.1 - Open Redirect

CVE-2025-15113 CRITICAL

Ksenia Security Lares 4.0 Home Automation <1.6 - Code Injection

CVE-2025-66029 HIGH

Open OnDemand <4.0.8 - Info Disclosure

CVE-2025-14148 MEDIUM

IBM UCD - IBM DevOps Deploy <8.1.2.3 - Info Disclosure

CVE-2025-58130 CRITICAL

Apache Fineract <= 1.11.0 - Insufficiently Protected Credentials

CVE-2025-64898 MEDIUM

Adobe ColdFusion <= 2025.4, <= 2023.16, <= 2021.22 - Insufficiently Protected Credentials

CVE-2025-63361 MEDIUM

Waveshare RS232/485 TO WIFI ETH (B) - Info Disclosure

CVE-2025-13758 LOW

Devolutions Server <= 2025.2.20 and <= 2025.3.8 - Exposure of Credentials in Unintended Requests

CVE-2025-13164 MEDIUM

Digiwin EasyFlow GP 5.8.8.3-5.8.11.1.0810112 - Insufficiently Protected Credentials

CVE-2025-13163 MEDIUM

Digiwin EasyFlow GP 5.8.8.3-5.8.11.1.0810112 and 8.1.0-8.1.1.2 - Insufficiently Protected Database Credentials

CVE-2025-13187 MEDIUM

Intelbras ICIP 2.0.20 - Info Disclosure

CVE-2025-36096 CRITICAL

IBM AIX 7.2-7.3 and VIOS 3.1-4.1 - Insufficiently Protected Credentials in NIM Private Key Storage

CVE-2025-6571 MEDIUM

3rd-party component - Info Disclosure

CVE-2025-42897 MEDIUM

SAP Business One (SLD) - Information Disclosure via Anonymous API

CVE-2025-12636 MEDIUM

Ubia Camera Ecosystem - Info Disclosure

CVE-2025-54863 CRITICAL

Radiometrics VizAir < 2025-08 - Unauthenticated Exposure of REST API Key via Public Configuration File

CVE-2025-34270 MEDIUM

Nagios Log Server < 2024R2.0.2 - Insufficiently Protected Credentials in AD/LDAP User Import

CVE-2025-12461 MEDIUM

Epsilon RH >=3.03.36.0185 - Unauthenticated Information Disclosure via License Endpoint

CVE-2025-62794 LOW

GitHub Workflow Updater <0.0.7 - Info Disclosure

Previous Page 5 of 55 Next

Details

Vulnerabilities 1,358

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy