12 matches found
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the addLabelsFromOptions function. An attacker can overwrite security-sensitive namespace labels by pushing changes to a monitored repository, thereby weakening admission controls and enabling...
CVE-2025-13477
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...
CVE-2026-35155
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...
CVE-2026-5380 runZero Platform cleartext secret exposure
An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...
CVE-2026-27770 ePower epower.ie Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2025-36096 AIX Insufficiently Protected Credentials
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques...
CVE-2025-10880 Insufficiently Protected Credentials in Dingtian DT-R002
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request...
PT-2025-32564 · Abb · Abb Aspect
Name of the Vulnerable Software and Affected Versions: ABB Aspect versions prior to 3.08.04-s01 Description: The software contains an insufficiently protected credentials issue. Recommendations: Update to version 3.08.04-s01 or later...
PT-2025-15650 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier Description: The issue is related to an Insufficiently Protected Credentials vulnerability, which could lead to a security feature bypass. A high...
CVE-2023-27975
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials which leaks the Authorization header after a redirect to a different port on the same site. Remediation Upgrade mechanize to version 2.8.5 or higher. References - GitHub Commit - GitHub PR...