CWE-522: CWE-522

This CVE describes a username enumeration vulnerability in ABB industrial control system products that allows attackers to access user management func...

CVE-2021-30116 is an authentication bypass vulnerability in Kaseya VSA that allows unauthenticated attackers to obtain agent credentials and use them ...

This vulnerability allows low-privileged users in Coolify to view the root user's private SSH key, enabling them to authenticate as root on the server...

This vulnerability allows standard users to execute commands with administrative privileges through stored credentials in the MEAC applications' run-a...

pgAdmin versions 8.11 and earlier have an OAuth2 authentication vulnerability that could expose client IDs and secrets. This allows attackers to poten...

Dataease versions before 2.10.19 use MD5-hashed passwords as JWT signing secrets, allowing attackers to brute-force admin passwords via unmonitored AP...

Vasion Print (formerly PrinterLogic) contains hardcoded private keys and passwords in configuration files, allowing attackers who obtain these files t...

CVE-2025-6519 allows attackers to predictably generate the password for the default 'ONEDAY' admin account in E3 Site Supervisor firmware, granting ad...

CVE-2025-52549 allows attackers to predict the root Linux password on vulnerable E3 Site Supervisor Control devices by analyzing device parameters. Th...

This vulnerability in PDQ Smart Deploy allows attackers to decrypt stored credentials using static encryption keys, enabling privilege escalation. Org...

This vulnerability in GenX_FX trading platform exposes API keys and authentication tokens due to misconfigured environment variables, allowing unautho...

This CVE involves accidental exposure of a MongoDB Atlas database connection string containing credentials in a public GitHub repository. Attackers co...

A data exposure vulnerability in Rockwell Automation FactoryTalk AssetCentre allows threat actors to steal user authentication tokens due to insecure ...

A critical encryption vulnerability in Rockwell Automation FactoryTalk AssetCentre allows attackers to extract other users' passwords due to weak encr...

This vulnerability allows supervisor-level code on STMicroelectronics SPC58 PowerPC microcontrollers to disable the System Memory Protection Unit, gra...

CVE-2024-44000 is a critical authentication bypass vulnerability in LiteSpeed Cache WordPress plugin that allows unauthenticated attackers to take ove...

The H3C ER8300G2-X router's management system login interface allows unauthorized access to the router password. This vulnerability enables attackers ...

This vulnerability in Relyum RELY-PCIe and RELY-REC allows attackers to change passwords without providing the current password, bypassing authenticat...

TSplus Remote Work 16.0.0.0 exposes cleartext passwords in HTML source code, allowing attackers to steal credentials. This affects organizations using...

CVE-2022-45611 is an authentication bypass vulnerability in Fresenius Kabi PharmaHelp 5.1.759.0 that allows attackers to capture user login credential...

This vulnerability in Android's Wi-Fi Trust On First Use (TOFU) flow allows credential disclosure due to a logic error in ClientModeImpl.java. Attacke...

CVE-2022-45599 is a PHP type juggling vulnerability in Aztech WMB250AC mesh routers that allows attackers to bypass authentication and gain administra...

This vulnerability in 3CX Phone System Management Console allows unauthenticated attackers to read arbitrary files via directory traversal, leading to...

CVE-2021-37401 allows attackers to extract user credentials from IDEC MicroSmart FC6A PLCs by accessing stored files on SD cards or backup repositorie...

This vulnerability involves an unprotected SSH private key present on Gryphon devices that could allow attackers to gain root access to Gryphon's deve...

CVE-2021-35965 is a critical vulnerability in the Orca HCM digital learning platform where a weak, hard-coded default administrator password is embedd...

CVE-2020-12061 is a critical vulnerability in Nitrokey FIDO U2F firmware where communication between the microcontroller and secure element transmits ...

CVE-2020-21994 is a critical authentication bypass vulnerability in AVE DOMINAplus building automation systems. Unauthenticated attackers can retrieve...

CVE-2021-30167 is an authentication bypass vulnerability in network camera devices that allows authenticated remote attackers to modify URL parameters...

CVE-2021-28171 is an authentication bypass vulnerability in Vangene deltaFlow E-platform where attackers can manipulate cookie data to gain privileged...

CVE-2021-27372 is a critical vulnerability in Realtek xPON RTL9601D SDK 1.9 where passwords are stored in plaintext. This allows attackers to potentia...

This vulnerability allows unauthenticated attackers to bypass authentication mechanisms in Rockwell Automation industrial control systems. It affects ...

CVE-2020-29583 is a critical vulnerability in Zyxel USG devices where firmware version 4.60 includes a hidden administrative account (zyfwp) with a ha...

This vulnerability allows attackers to retrieve cleartext TELNET credentials by executing the 'show system infor' command on affected CDATA optical li...

This vulnerability in Canon Oce ColorWave 3500 printers allows attackers to retrieve stored SMB credentials through the WebTools export feature, bypas...

This vulnerability in the expo.io framework allows attackers to hijack user accounts and steal credentials when victims click malicious links. It affe...

Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint that allows authenticated attackers to upload MPFS File System ...

This vulnerability in JetBrains IDEs exposes GitHub access tokens to third-party websites, potentially allowing attackers to steal credentials and acc...

CVE-2025-58130 is an insufficiently protected credentials vulnerability in Apache Fineract that could allow attackers to access sensitive authenticati...

This vulnerability in Dorset DG 201 Digital Lock allows attackers to clone NFC cards by exploiting insecure storage of NFC data, enabling unauthorized...

Pentaminds CuroVMS v2.0.1 contains exposed credentials that could allow attackers to access sensitive information. This affects organizations using th...

CVE-2022-45157 is a high-severity vulnerability where Rancher stores vSphere CPI and CSI credentials in plaintext objects. This allows attackers with ...

Authenticated but unprivileged users can access insufficiently protected credentials for third-party DVR integrations in Gallagher Command Centre. Thi...

This vulnerability in typed-rest-client allows authentication credentials (basic auth, bearer tokens, or personal access tokens) to be unintentionally...

Ricoh mp_c4504ex multifunction printers with firmware 1.06 mishandle credentials, potentially allowing unauthorized access to device management functi...

This vulnerability allows remote unauthenticated attackers to capture credentials transmitted in plaintext during user registration or password change...

IBM AIX and VIOS systems store NIM private keys insecurely, allowing attackers with network access to intercept and misuse these keys. This affects IB...