CWE-522: CWE-522
All CWE-522 CVEs (188)
The AXIS Camera Station Pro Incident Report feature may expose sensitive credentials stored in the Windows client when credentials are configured for ...
Nov 26, 2024

This vulnerability in SIMATIC RTLS Locating Manager allows authenticated local attackers to extract credentials from the Track Viewer Client. Attacker...
May 14, 2024

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability where local attackers can view SSH connection passwords through Windows Pow...
Jan 15, 2026

This vulnerability allows attackers to obtain NTLM password hashes through the built-in web server API in JetBrains IntelliJ IDEA. It affects users ru...
Mar 29, 2023

A third-party component exposes passwords in process arguments, allowing low-privileged users to view sensitive credentials. This affects systems usin...
Nov 11, 2025

This vulnerability exposes administrator passwords in plaintext within the web management interface's input fields. Anyone with access to the UI can d...
Feb 20, 2026

This vulnerability exposes the administrator password in plaintext on the web interface of Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-F...
Dec 4, 2025

GRAU DATA Blocky versions before 3.1 store passwords using reversible encryption instead of secure hashing. This allows attackers with Windows adminis...
Jan 22, 2025

CVE-2025-64122 is an insufficiently protected credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) that allows attackers to steal...
Jan 2, 2026

HCL Traveler for Microsoft Outlook (HTMO) has a credential leakage vulnerability that could allow attackers to access other computers or applications ...
Oct 16, 2025

A macOS vulnerability allows malicious applications to bypass entitlement checks and potentially leak user credentials. This affects macOS Ventura and...
Dec 12, 2024

This vulnerability allows an authenticated local attacker to steal an administrator's authentication token from the CLI command in USG FLEX H series f...
Oct 22, 2024

This vulnerability allows a local attacker to obtain sensitive API key information from IBM Cognos Analytics and IBM Cognos Analytics Reports for iOS....
Sep 22, 2024

This vulnerability allows a malicious user with access to a Kibana space to create a Crowdstrike connector and retrieve cached credentials from other ...
Oct 7, 2025

This CVE describes an information disclosure vulnerability in SAP Business One's anonymous API within the SLD component. Attackers with normal user ac...
Nov 11, 2025

Dingtian DT-R002 devices have an insufficiently protected credentials vulnerability that allows unauthenticated attackers to retrieve the current user...
Sep 25, 2025

This vulnerability exposes sensitive password information in NeuVector security event logs when Java commands with password parameters are terminated ...
Sep 17, 2025

Netwrix Directory Manager versions 11.0.0.0 through 11.1.25162.02 insufficiently protect credentials when making requests to remote Excel resources. T...
Aug 7, 2025

Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier expose Applitools API keys in plain text on job configuration forms. This allows attackers ...
Jul 9, 2025

This vulnerability in SourceCodester Prison Management System 1.0 allows attackers to access insufficiently protected credentials through the Profile ...
Aug 15, 2024

This vulnerability in JetBrains TeamCity exposes application tokens in EC2 Cloud Profile settings, potentially allowing unauthorized access to cloud r...
Jul 1, 2024

In HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3, users with LLM configuration privileges can recover previously saved credentials used for authe...
Jan 7, 2026

EasyFlow GP software by Digiwin has a vulnerability where database credentials are insufficiently protected, allowing remote attackers with privileged...
Nov 17, 2025

EasyFlow GP software by Digiwin has a vulnerability where insufficient credential protection allows remote attackers with privileged access to obtain ...
Nov 17, 2025

This vulnerability allows remote administrators in Bitrix24 to send SMTP account passwords to arbitrary external servers via HTTP POST requests due to...
Nov 4, 2024

This vulnerability allows remote administrators in Bitrix24 to exfiltrate AD/LDAP administrator account passwords to arbitrary external servers via HT...
Nov 4, 2024

IBM CICS Transaction Gateway for Multiplatforms versions 9.2 and 9.3 transmits or stores authentication credentials using insecure methods, making the...
Oct 23, 2024

IBM InfoSphere Information Server 11.7 contains an information disclosure vulnerability where privileged users can access sensitive authentication dat...
Aug 15, 2024

Dependency-Track versions before 4.13.5 may inadvertently send private NuGet repository credentials and internal component metadata to the public api....
Oct 7, 2025

This vulnerability in SAP NetWeaver Java Software Update Manager 1.1 exposes credentials in plaintext log files when software upgrades encounter error...
Nov 12, 2024

This vulnerability in IBM Robotic Process Automation allows users with physical access to systems to obtain sensitive information due to insufficient ...
Dec 19, 2024

This vulnerability affects CPCI85 Central Processing/Communication devices with versions below V05.30. An attacker with physical access to the SPI bus...
Dec 10, 2024

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier have an insufficient credential protection vulnerability that allows attackers to gain unauth...
Dec 10, 2025

This vulnerability in JetBrains TeamCity allows passwords to be exposed through the Sonar runner REST API. Attackers could potentially retrieve sensit...
Oct 8, 2024

NeuVector scanner exposes sensitive credentials via command-line arguments, allowing local users on the same system to view registry and controller cr...
Feb 25, 2026

HCL AION 2.0 has a vulnerability where password fields don't disable autocomplete, potentially allowing browsers to store or autofill credentials. Thi...
Feb 3, 2026

YugabyteDB Anywhere displays LDAP bind passwords in cleartext within its web UI configuration view. Authenticated users with configuration access can ...
Feb 5, 2026

This vulnerability allows attackers with valid session tokens to bypass password confirmation requirements and change user passwords without proper ve...
Jan 26, 2026

About CWE-522 (CWE-522)
Our database tracks 188 CVEs classified as CWE-522, with 47 rated critical and 90 rated high severity. The average CVSS score for CWE-522 vulnerabilities is 7.7.
External reference: View CWE-522 on MITRE CWE →