Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,358 vulnerabilities with CWE-522

CVE-2025-61482 HIGH

NetKnights GmbH privacyIDEA Authenticator v.4.3.0 - Auth Bypass

CVE-2025-54808 HIGH

Oxford Nanopore Technologies' MinKNOW <24.11 - Info Disclosure

CVE-2025-62157 MEDIUM

Argo Workflows < 3.6.12 and 3.7.0-3.7.2 - Insufficiently Protected Credentials in Workflow-Controller Pod Logs

CVE-2025-35054 MEDIUM

Newforma Info Exchange - Privilege Escalation

CVE-2025-61776 MEDIUM

Dependency-Track <4.13.5 - Info Disclosure

CVE-2025-37728 MEDIUM

Crowdstrike Connector - Info Disclosure

CVE-2025-27231 MEDIUM

Zabbix 6.0.0-6.0.40 - Authenticated Credential Leak via LDAP Host Change

CVE-2025-34207 CRITICAL

Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Insecure SSH Configuration

CVE-2025-34196 CRITICAL

Vasion Virtual Appliance Application < 25.1.1413 - Insufficiently Protected Credentials

CVE-2025-10880 HIGH

Dingtian DT-R002 Firmware - Unauthenticated Credential Exposure via GET Request

CVE-2025-10879 MEDIUM

Dingtian DT-R002 Firmware - Unauthenticated Username Disclosure

CVE-2025-40838 HIGH

Ericsson Indoor Connect 8855 Firmware < 2025.q2 - Unauthorized Information Disclosure via Server-Side Security Bypass

CVE-2025-10360 MEDIUM

Puppet Enterprise <2025.5 - Info Disclosure

CVE-2025-54467 MEDIUM

NeuVector 5.0.0-5.4.5 - Insufficiently Protected Credentials in Security Event Log

CVE-2025-23342 HIGH

NVIDIA NVDebug < 1.7.0 - Insufficiently Protected Credentials

CVE-2025-42933 HIGH

SAP Business One (SLD) - Insufficiently Protected Credentials via Unencrypted API Responses

CVE-2025-41682 HIGH

Charge Controller - Info Disclosure

CVE-2025-58366 CRITICAL

Onyxia-API <4.9.0 - Info Disclosure

CVE-2025-55739 MEDIUM

FreePBX <15.0.13, 16.0.2-16.0.14, 17.0.1-17.0.2 - Auth Bypass

CVE-2025-57806 MEDIUM

Local Deep Research <0.6.7 - Info Disclosure

CVE-2025-6519 CRITICAL

E3 Site Supervisor <2.31F01 - Info Disclosure

CVE-2025-52549 CRITICAL

Copeland E3 Supervisory Controller < 2.31f01 - Predictable Root Password

CVE-2025-52545 HIGH

Copeland E3 Supervisory Controller Firmware < 2.31f01 - Insufficiently Protected Credentials via RCI Service API

CVE-2025-52095 CRITICAL

PDQ SmartDeploy < 3.0.2046 - Privilege Escalation via Credential Encryption Routines

CVE-2025-55306 CRITICAL

GenX_FX 1.0.0 - Unauthenticated Credential Exposure via Misconfigured Environment Variables

Previous Page 6 of 55 Next

Details

Vulnerabilities 1,358

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy