CVE-2026-7313

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

WordPress Slek Gateway for WooCommerce plugin <= 1.0 - Unauthenticated Insufficiently Protected Credentials vulnerability

Unauthenticated Insufficiently Protected Credentials vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Slek Gateway for WooCommerce versions = 1.0...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

CVE-2025-15622 Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

EUVD-2025-209499

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

CVE-2025-15621

CVE-2025-15621 affects the Sparx Systems Sparx Enterprise Architect client. The issue is that the client does not verify the receiver of OAuth2 credentials during OpenID authentication, indicating a flaw in credential handling that could allow credential misdirection or leakage within the OAuth/O...

CVE-2026-32171

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

Azure Logic Apps Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

EUVD-2026-19697

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

CVE-2026-5380

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

CVE-2026-5380 runZero Platform cleartext secret exposure

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

PT-2026-30875

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

CVE-2025-14790

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module TPM during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...

CVE-2026-28678

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens JWTs were stored in HTTP cookies without cryptographic protection...

CVE-2026-28678 dsa-hub-server: Clear-Text Storage of Sensitive Data

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens JWTs were stored in HTTP cookies without cryptographic protection...