CVE-2025-26628

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally...

PT-2025-15650 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier Description: The issue is related to an Insufficiently Protected Credentials vulnerability, which could lead to a security feature bypass. A high...

CVE-2022-22998

Implemented protections on AWS credentials that were not properly protected...

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

The vulnerability of the GLPI system’s handling of requests and incidents, related to insufficient protection of user credentials, allows a malicious individual to obtain unauthorized access to the root account’s password.

The vulnerability in the GLPI system’s request and incident handling process is related to an error in passing configuration data via JavaScript. In this error, some records are filtered out, but the ldappass variable is not filtered. Exploiting this vulnerability could allow a remote attacker to...

CVE-2024-27109

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2024-27109.

CVE-2024-33496

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

CVE-2024-21815

Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...

PT-2024-2809 · Schneider Electric · Ecostruxure Process Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified Description: A vulnerability exists that could cause unauthorized access to the project file when a local user tampers with...

IBM CICS TX Standard Security Vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM CICS TX Standard that stems from insufficient...

CVE-2023-29055

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

PT-2023-5742 · Jenkins · Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Artifact ChoiceListProvider Nexus Plugin versions 1.14 and earlier Description: The issue is related to insufficient protection of registration data, allowing attackers with Item/Configure permission to access and capture...

CVE-2022-40685

Insufficiently protected credentials in the IntelR DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access...

Fortinet FortiNAC 安全漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from insufficiently protected credentials...

CVE-2022-29833

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...

Apache Dolphin Scheduler has insufficiently protected credentials

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

CVE-2022-26341

Insufficiently protected credentials in software in IntelR AMT SDK before version 16.0.4.1, IntelR EMA before version 1.7.1 and IntelR MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access...

CVE-2022-29507

Insufficiently protected credentials in the IntelR Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-26844

Insufficiently protected credentials in the installation binaries for IntelR SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access...