83 matches found
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the addLabelsFromOptions function. An attacker can overwrite security-sensitive namespace labels by pushing changes to a monitored repository, thereby weakening admission controls and enabling...
CVE-2025-13477
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...
CVE-2024-47271
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
PT-2026-42462
Name of the Vulnerable Software and Affected Versions WifiBurada versions prior to 21052026 Description Insufficiently protected credentials in WifiBurada allow for authentication bypass, which can lead to the exposure of private personal information to an unauthorized actor. Recommendations Upda...
CVE-2025-31976 HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials
HCL BigFix Service Management SM is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated...
HCL BigFix Service Management 安全漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management SM has a security vulnerability. This vulnerability arises from insufficient protection of credentials during communication with backend...
CVE-2026-35155
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...
CVE-2026-35155
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...
PT-2026-32837
CVE-2026-32171 Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. https://t.co/kY4zlAhYAl...
CVE-2026-5380 runZero Platform cleartext secret exposure
An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...
CVE-2026-23658
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
PT-2026-26350
Azure DevOps: msazure Elevation of Privilege Vulnerability CVE: CVE-2026-23658 PT-Identifier: PT-2026-26350 Vendor: Microsoft Product: Azure DevOps: msazure CVSS: 8.6 Credits: n/a Description: Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileg...
CVE-2026-28678
CVE-2026-28678 pertains to the DSA Study Hub application. Prior to commit d527fba, the authentication system in server/routes/auth.js stored JWTs in HTTP cookies without cryptographic protection of the payload, exposing credential data via insufficiently protected credentials. The issue affects t...
CVE-2026-27770 ePower epower.ie Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
PT-2026-3667
Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description A security issue exists in the Connection Settings dialog of Milner ImageDirector Capture that allows an Adversary in the Middle AiTM attack. This occurs because the...
CVE-2025-69271
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...
CVE-2025-69271
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...
CVE-2025-69271
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...