CWE-523
All CWE-523 CVEs (7)
CVE-2020-25175 exposes specific credentials during network transmission in GE Healthcare imaging and ultrasound products, allowing attackers to interc...
Dec 14, 2020

Brocade ASCG web interface versions before 3.2.0 lack HTTP Strict Transport Security (HSTS) enforcement, allowing attackers to downgrade HTTPS connect...
Feb 28, 2025

This vulnerability allows a local attacker to capture credentials transmitted in plaintext by the SiteManager provisioning service after initial devic...
Aug 5, 2021

The Brightpick Mission Control web application contains hardcoded credentials in client-side JavaScript files, allowing attackers to extract authentic...
Nov 15, 2025

PiiGAB M-Bus devices transmit authentication credentials in plaintext format without encryption, allowing attackers to intercept and steal login infor...
Jul 6, 2023

CVE-2025-41705 allows an unauthenticated attacker positioned as a man-in-the-middle (MITM) to intercept websocket communications and capture login cre...
Oct 14, 2025

Apache Tomcat fails to set the 'secure' attribute on session cookies when using RemoteIpFilter with X-Forwarded-Proto headers from reverse proxies. Th...
Mar 22, 2023

About CWE-523
Our database tracks 7 CVEs classified as CWE-523, with 2 rated critical and 3 rated high severity. The average CVSS score for CWE-523 vulnerabilities is 7.6.
External reference: View CWE-523 on MITRE CWE →