Lucene search
K

361 matches found

Snyk
Snyk
added 2026/06/18 2:31 p.m.4 views

Insufficiently Protected Credentials

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the backup process. An attacker can obtain sensitive account credentials and configuration secrets by...

6.9CVSS5.8AI score0.00174EPSS
Exploits0References3
Talos
Talos
added 2026/06/15 12:0 a.m.9 views

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

6.5CVSS5.4AI score0.00271EPSS
Exploits0
Snyk
Snyk
added 2026/06/11 1:28 p.m.6 views

Insufficiently Protected Credentials

Overview meta-ads-mcp is a Model Context Protocol MCP server for Meta Ads - Use Remote MCP at pipeboard.co for easiest setup Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the AuthInjectionMiddleware.dispatch process. An attacker can gain unauthorized...

9.3CVSS5.8AI score0.0013EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.9 views

PT-2026-52482

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficiently protected credentials stored within firmware or system files may allow an unauthenticated attacker to gain unauthorized access and expose sensitiv...

8.7CVSS7AI score0.00247EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:9 p.m.8 views

CVE-2026-7313

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/11 7:6 p.m.19 views

WordPress Slek Gateway for WooCommerce plugin <= 1.0 - Unauthenticated Insufficiently Protected Credentials vulnerability

Unauthenticated Insufficiently Protected Credentials vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Slek Gateway for WooCommerce versions = 1.0...

5.3CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/29 5:16 a.m.5 views

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

7.1CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 3:50 a.m.34 views

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

7.1CVSS0.0022EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/17 10:31 p.m.10 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:31 p.m.9 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 8:35 a.m.31 views

CVE-2025-15622 Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

6.2CVSS0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 3:31 p.m.5 views

EUVD-2025-209499

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS5.8AI score0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 12:40 p.m.37 views

CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS0.00115EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 12:40 p.m.22 views

CVE-2025-15621

CVE-2025-15621 affects the Sparx Systems Sparx Enterprise Architect client. The issue is that the client does not verify the receiver of OAuth2 credentials during OpenID authentication, indicating a flaw in credential handling that could allow credential misdirection or leakage within the OAuth/O...

5.7CVSS5.8AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:58 p.m.3 views

CVE-2026-32171

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.8 views

Azure Logic Apps Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.3AI score0.0044EPSS
Exploits0
EUVD
EUVD
added 2026/04/07 3:30 p.m.6 views

EUVD-2026-19697

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS5.8AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 3:17 p.m.4 views

CVE-2026-5380

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 2:12 p.m.26 views

CVE-2026-5380 runZero Platform cleartext secret exposure

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30875

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS5.8AI score0.00196EPSS
Exploits0References3
Rows per page
Query Builder