CWE-522: Insufficiently Protected Credentials
All CWE-522 CVEs (187)
This vulnerability allows attackers to modify the configuration partition on affected devices without triggering measured boot protections, potentiall... (Sep 21, 2023)
CVE-2023-43631 allows attackers to gain root access to EVE OS devices by adding their SSH public key to an unprotected config file. This bypasses meas... (Sep 21, 2023)
This vulnerability allows authenticated users in Tripleplay Platform to modify other users' passwords through crafted requests. It affects all Triplep... (Apr 19, 2023)
Mobotix Control Center (MxCC) versions up to 2.5.4.5 store administrative credentials in a recoverable format in the MxCC.ini configuration file. This... (May 19, 2022)
CVE-2021-43397 is a privilege escalation vulnerability in LiquidFiles that allows authenticated users with Admin or User Admin privileges to elevate t... (Nov 11, 2021)
This vulnerability allows attackers with access to log files to steal internal authentication tokens used between the noobaa operator and core compone... (May 13, 2021)
This vulnerability affects Luvion Grand Elite 3 Connect baby monitors where all devices share the same hardcoded root credentials. Attackers can gain ... (Apr 2, 2021)
This vulnerability allows authenticated OpenShift users who can execute code during container build time to access credentials that are automatically ... (Mar 16, 2021)
A passback vulnerability in Canon production printers and office multifunction printers allows attackers to bypass authentication mechanisms and gain ... (May 20, 2025)
This vulnerability in Alecto DVC-215IP cameras allows attackers to bypass password masking on the Wi-Fi configuration page, revealing the network pass... (Feb 24, 2022)
This vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics exposes database passwords when users search metadata injectable fields. At... (Sep 12, 2024)
This vulnerability allows authenticated attackers with Application Administrator access in Venki Supravizio BPM to leak NTLM hashes, enabling privileg... (Jan 13, 2025)
The EWON FLEXY 202 industrial router transmits credentials using base64 encoding, which provides no real security. An attacker on the same network can... (Oct 17, 2024)
This vulnerability in OTRS AgentInterface and ExternalInterface allows attackers to read plain text passwords that are inadvertently sent back to clie... (Nov 27, 2023)
This vulnerability in Sangoma FreePBX exposes cleartext database and management interface credentials through global variables. Attackers can retrieve... (Apr 26, 2023)
TP-Link TL-WR845N routers with specific firmware versions have weak default administrator credentials that are easily guessable. This allows attackers... (Dec 10, 2024)
This vulnerability allows an authenticated admin user in OpenWRT Luci LTS to escalate privileges to root via the JSON-RPC-API exposed by the luci-mod-... (Nov 5, 2024)
This vulnerability allows attackers to extract default encryption keys from ICT MIFARE and DESFire firmware, enabling them to clone credentials for an... (May 6, 2024)
CVE-2022-22998 is an AWS credential exposure vulnerability in Western Digital My Cloud Home devices where credentials were not properly protected. Thi... (Jul 12, 2022)
MinKNOW software stores authentication tokens in world-readable temporary directories, allowing local users or malware to steal tokens. If remote acce... (Oct 23, 2025)
IBM Aspera Faspex versions 5.0.0 through 5.0.7 have a local privilege escalation vulnerability due to insecure credential storage, allowing a local us... (Apr 19, 2024)
CVE-2023-28088 is a vulnerability in HPE OneView where diagnostic dumps may expose SAN switch administrative credentials. This affects HPE OneView use... (Apr 25, 2023)
This vulnerability in SAP GUI for Windows allows attackers with local client-side privileges to obtain password-equivalent credentials. Affected users... (Nov 10, 2021)
CVE-2021-39373 is an access control bypass vulnerability in Samsung Drive Manager 2.0.104 on Samsung H3 devices that allows attackers to bypass disk m... (Sep 1, 2021)
IBM Security Guardium 11.2 stores user credentials in plain text, allowing local users to read sensitive authentication data. This affects all deploym... (May 24, 2021)
This vulnerability allows authenticated local attackers on Cisco IOS/IOS XE devices to retrieve Common Industrial Protocol (CIP) passwords via a misco... (Mar 24, 2021)
This vulnerability in JetBrains TeamCity allows attackers to access sensitive Kubernetes resources due to improper connection settings. Organizations ... (Feb 11, 2025)
This vulnerability in XWiki Change Request allows attackers with change request permissions to edit pages containing password fields and export the ch... (Dec 4, 2023)
This vulnerability allows users with the 'list chat bots' permission in tgstation-server to read chat bot connection strings without proper authorizat... (May 29, 2023)
Open OnDemand versions 4.0.8 and earlier have a vulnerability where the Apache proxy passes sensitive headers to origin servers. This allows malicious... (Dec 17, 2025)
CVE-2024-27109 is a credential protection vulnerability in GE HealthCare EchoPAC products where sensitive authentication data is insufficiently secure... (May 14, 2024)
This vulnerability in NVIDIA DGX H100 BMC's IPMI allows attackers to exploit insufficient credential protection, potentially leading to code execution... (Sep 20, 2023)
This vulnerability allows attackers to intercept credentials transmitted between IDEC PLCs and their management software due to lack of encryption. Af... (Dec 24, 2021)
CVE-2020-37097 allows unauthenticated attackers to access the wlencrypt_wiz.asp file on Edimax EW-7438RPn range extenders, exposing WiFi network confi... (Feb 3, 2026)
This vulnerability in Claude Code versions before 2.0.65 allows malicious repositories to exfiltrate Anthropic API keys before users confirm trust. Wh... (Jan 21, 2026)
CVE-2025-69271 is an insufficient credential protection vulnerability in Broadcom DX NetOps Spectrum that allows attackers to sniff network traffic an... (Jan 12, 2026)
This vulnerability allows limited administrative users on ZBL EPON ONU Broadband Router V100R001 to escalate privileges by accessing configuration end... (Dec 31, 2025)
This vulnerability allows non-privileged users on NuCom 11N Wireless Router to retrieve administrative credentials by accessing the configuration back... (Dec 31, 2025)
Dingtian DT-R002 devices have an insufficiently protected credentials vulnerability that allows unauthenticated attackers to extract proprietary proto... (Sep 25, 2025)
Ericsson Indoor Connect 8855 has a server-side security bypass vulnerability in the client component that allows attackers to circumvent authenticatio... (Sep 25, 2025)
CVE-2025-52545 allows attackers to retrieve all usernames and password hashes via an API call in the RCI service of E3 Site Supervisor Control. This a... (Sep 2, 2025)
This vulnerability in IBM Engineering Requirements Management DOORS Next allows remote attackers to download temporary files, potentially exposing sen... (Mar 3, 2025)
This vulnerability allows remote attackers to bypass authentication on Software AG webMethods Integration Server by sending an arbitrary username with... (Jan 29, 2025)
The Jenkins Credentials Plugin vulnerability exposes encrypted credential values stored as SecretBytes when accessing item configuration files via RES... (Oct 2, 2024)
This CVE describes a protection mechanism failure in some Zoom Workplace Apps and SDKs that allows authenticated users to access sensitive information... (Aug 14, 2024)
apko versions before 0.14.5 expose HTTP basic authentication credentials in log output when repository or keyring URLs contain authentication informat... (Jun 3, 2024)
This vulnerability involves insufficiently protected credentials in Fortinet FortiProxy and FortiOS, allowing attackers to execute unauthorized code o... (Apr 9, 2024)
Apache Solr leaks sensitive system properties like 'basicauth' and 'aws.secretKey' through the /admin/info/properties endpoint because the redaction l... (Feb 9, 2024)
Apache Kylin versions 2.0.0 to 4.0.3 expose server credentials through an unencrypted web interface that displays the kylin.properties file contents. ... (Jan 29, 2024)
Acronis Cyber Protect 15 versions before build 35979 insufficiently mask token fields, potentially exposing sensitive authentication or session tokens... (Sep 27, 2023)
About CWE-522
Our database tracks 187 CVEs classified as CWE-522, with 47 rated critical and 89 rated high severity. The average CVSS score for CWE-522 vulnerabilities is 7.7.
External reference: CWE-522 on MITRE CWE