CWE-522: CWE-522

Social Media Skeleton versions before 1.0.5 do not properly salt password hashes, making stored passwords vulnerable to cracking if attackers obtain t...

This vulnerability in DERICIA Co. Ltd's DELICIA v.13.6.1 allows remote attackers to access sensitive information through improper handling of channel ...

CVE-2020-18406 is a vulnerability in cmseasy v7.0.0 that transmits user credentials in plain text without encryption. This allows attackers to interce...

WFTPD 3.25 stores usernames and password hashes in a plaintext configuration file (wftpd.ini) that is readable without authentication. This allows any...

The Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.149 and earlier expose credentials in plain text on configuration forms inst...

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request, allowing attackers to obtain authentication information. ...

CVE-2021-33589 is a cryptographic weakness in Ribose RNP where a required step in the encryption algorithm is omitted, resulting in weaker encryption ...

The Aten PE8108 Power Distribution Unit firmware version 2.4.232 allows unauthenticated attackers to retrieve Telnet and SNMP credentials. This vulner...

This vulnerability allows unauthenticated attackers to access a configuration page containing the switch's administrative password in plain text throu...

AMI MegaRAC SPX devices allow password disclosure through Redfish interfaces, enabling attackers to retrieve credentials. This affects organizations u...

CVE-2022-43460 is a vulnerability in Fujifilm Driver Distributor v2.2.3.1 and earlier where administrator passwords are stored in a recoverable encryp...

Anchore Enterprise anchorectl version 0.1.4 improperly embeds API credentials in generated Software Bill of Materials (SBOM) files. This exposes sensi...

Gradle Enterprise versions through 2022.2.2 have an incorrect access control vulnerability that allows unauthorized users to access sensitive informat...

IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.3 write credentials in clear text to virgo log files during certain operations. This expose...

Konica Minolta bizhub MFP devices store administrative passwords in cleartext files, allowing attackers with local access to read sensitive credential...

This vulnerability in Strapi's DOCUMENTATION plugin stores passwords in a recoverable format (base64 encoded in cookies). Attackers who intercept HTTP...

This vulnerability in Samsung SCX-6x55X printers allows unauthenticated attackers to access SMB user credentials stored in cleartext by viewing HTML s...

This vulnerability allows an attacker with limited AppContainer privileges to elevate to SYSTEM-level privileges on Windows systems. It affects Window...

This vulnerability affects NetModule networking devices where passwords are stored insecurely using cleartext or reversible encryption. Attackers with...

The Ypsomed mylife Cloud and mobile application disclose password hashes during user registration. This vulnerability allows attackers to obtain passw...

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 store user credentials in plain text, allowing unauthorized users to read...

CVE-2020-29322 is a vulnerability in D-Link DIR-880L routers where hardcoded credentials in the telnet service can be extracted through firmware decom...

IBM Cognos Analytics 11.0 and 11.1 have a vulnerability where the New Data Server Connection page incorrectly enables autocomplete for credential fiel...

This vulnerability exposes sensitive SSH keys within downloadable firmware images for homee Brain Cube v2 devices, allowing attackers to use the suppo...

This vulnerability in WAGO managed switches allows attackers to read password hashes of all Web-based Management users. This affects organizations usi...

MicroSeven MYM71080i-B devices transmit admin credentials in cleartext to a remote server, allowing attackers on the same network to intercept and cap...

The Jenkins Credentials Binding Plugin versions 687.v619cb_15e923f and earlier expose sensitive credentials in error messages written to build logs. T...

CVE-2025-26628 is an information disclosure vulnerability in Azure Local Cluster where credentials are insufficiently protected. An authorized attacke...

This vulnerability allows attackers to bypass authentication and gain unauthorized access to Agilia Link+ web applications by manipulating client-side...

This vulnerability in Weintek Weincloud v0.13.6 allows attackers to abuse the registration functionality to log in with testing credentials to the off...

The Aten PE8108 power distribution unit firmware version 2.4.232 has an access control vulnerability where restricted users can read administrator cre...

Himmelblau versions 0.8.0-0.9.21 and 1.0.0-beta-1.1.0 store Kerberos credential caches with world-readable permissions, allowing any local user to acc...

This vulnerability in BIG-IP Next CNF and SPK systems allows unauthorized access to sensitive files that should be protected. It affects organizations...

This vulnerability allows a local attacker with access to the engineering workstation to tamper with memory and gain unauthorized access to project fi...

Allegro Windows 3.3.4152.0 embeds hardcoded database administrator credentials in its binary files, allowing any user with access to the software to e...

This vulnerability allows unauthorized users to read or modify protected function blocks in Schneider Electric industrial control software when access...

This vulnerability allows attackers with physical access to Moxa industrial computers to access the bootloader menu using a device-unique password. Th...

This vulnerability allows attackers to reconfigure Konica Minolta bizhub 227 printers to use attacker-controlled LDAP servers, enabling credential cap...

This vulnerability allows physically proximate attackers to extract cryptographic keys from the internal flash memory of Minut M2 devices running firm...

This vulnerability exposes charging station authentication identifiers through public web mapping platforms, allowing unauthorized access to sensitive...

malcontent versions 0.10.0 through 1.20.2 expose Docker registry credentials when scanning malicious OCI images. Attackers can redirect authentication...

IBM UrbanCode Deploy versions 8.1 through 8.1.2.3 contain an information disclosure vulnerability where authenticated users with LLM integration confi...

This vulnerability in the Ubia camera ecosystem allows attackers to access improperly secured API credentials, potentially connecting to backend servi...

Argo Workflows versions before 3.6.12 and 3.7.0-3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. Attackers w...

The Jenkins Statistics Gatherer Plugin stores AWS Secret Keys unencrypted in global configuration files, allowing attackers with file system access to...

This vulnerability in Veeam Backup & Replication allows authenticated users with operator roles to expose saved credentials by exploiting a remote man...

This vulnerability allows authenticated remote attackers to read arbitrary files on Cisco SD-WAN vManage systems through the web management interface....

This vulnerability allows attackers to access database credentials stored in plaintext or encoded format on endpoints during database scanning operati...

This vulnerability allows attackers to extract Account Connectivity Credentials (ACCs) from the secure storage of IT Management Agent. Affected organi...

The AXIS Camera Station Pro Incident Report feature may expose sensitive credentials stored in the Windows client when credentials are configured for ...