Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-522

CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,358 vulnerabilities with CWE-522

CVE-2025-54156 HIGH

Sante PACS Server < 4.2.3 - Cleartext Transmission of Sensitive Credential Information

CVE-2025-40751 MEDIUM

SIMATIC RTLS Locating Manager < 3.3 - Authenticated Credential Exposure in Report Client

CVE-2025-48709 LOW

BMC Control-M/Server 9.0.21.300 - Info Disclosure

CVE-2025-54394 MEDIUM

Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Insufficiently Protected Credentials in Excel Resource Requests

CVE-2025-54882 HIGH

Himmelblau 0.8.0-0.9.21 and 1.0.0-beta-1.1.0 - Unprotected Credential Exposure via World-Readable Kerberos Cache

CVE-2025-54876 MEDIUM

Janssen Project <= 1.9.0 - Insufficiently Protected Credentials via CLI Log File

CVE-2025-38739 HIGH

Dell Digital Delivery < 5.6.1.0 - Unauthenticated Information Disclosure via Insufficiently Protected Credentials

CVE-2025-53008 MEDIUM

GLPI 9.3.1-10.0.19 - Authenticated Credential Theft via Malicious Payload

CVE-2025-5922 MEDIUM

TSplus Remote Access Admin Tool <18.40.6.17 - Info Disclosure

CVE-2025-54422 MEDIUM

Sandboxie < 1.16.2 - Insufficiently Protected Credentials via Shared Memory and Command-Line Arguments

CVE-2025-54428 CRITICAL

RevelaCode <1.0.1 - Info Disclosure

CVE-2025-54380 MEDIUM

Opencast < 17.6 - Insufficiently Protected Credentials via MediaPackage XML Fetch

CVE-2025-34139 HIGH

Sitecore Experience Manager (XM) 8.0-10.4 - Unauthenticated Arbitrary File Read

CVE-2025-6227 LOW

Mattermost <10.5.7, <9.11.16 - Info Disclosure

CVE-2025-7565 MEDIUM

LB-LINK BL-AC3600 <1.0.22 - Info Disclosure

CVE-2025-53743 MEDIUM

Jenkins Applitools Eyes Plugin <1.16.5 - Info Disclosure

CVE-2025-53671 MEDIUM

Jenkins Nouvola DiveCloud Plugin <1.08 - Info Disclosure

CVE-2025-53669 MEDIUM

Jenkins VAddy Plugin <1.2.8 - Info Disclosure

CVE-2025-53667 MEDIUM

Jenkins Dead Man's Snitch Plugin 0.1 - Info Disclosure

CVE-2025-53661 MEDIUM

Jenkins Testsigma Test Plan run Plugin <1.6 - Info Disclosure

CVE-2025-53660 MEDIUM

Jenkins QMetry Test Management Plugin <1.13 - Info Disclosure

CVE-2025-53657 MEDIUM

Jenkins ReadyAPI Functional Testing Plugin <1.11 - Info Disclosure

CVE-2025-53654 MEDIUM

Jenkins Statistics Gatherer Plugin <2.0.3 - Info Disclosure

CVE-2025-53650 HIGH

Jenkins Credentials Binding Plugin <687.v619cb_15e923f - Info Discl...

CVE-2025-24508 MEDIUM

IT Management Agent - Info Disclosure

Previous Page 7 of 55 Next

Details

Vulnerabilities 1,358

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy