Lucene search
K

360 matches found

RedhatCVE
RedhatCVE
added 2025/04/11 3:36 a.m.28 views

CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...

2.7CVSS6.7AI score0.00419EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/08 9:31 p.m.2 views

Insufficiently Protected Credentials

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Insufficiently Protected Credentials. An attacker can gain unauthorized access to sensitive information by obtaining insufficiently protected credentials. Remediation Upgra...

5.1CVSS6.4AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2025/04/08 9:31 p.m.3 views

GHSA-2R94-WM5V-4PRX Magento does not properly protect credentials

Magento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protect...

2.7CVSS6.5AI score0.00419EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/08 8:17 p.m.9 views

CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...

2.7CVSS0.00419EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 8:17 p.m.70 views

CVE-2025-27192

CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...

2.7CVSS6.9AI score0.00419EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/08 8:17 p.m.8 views

CVE-2025-27192 Adobe Commerce | Insufficiently Protected Credentials (CWE-522)

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to...

2.7CVSS6.9AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 12:32 p.m.54 views

CVE-2025-2908

CVE-2025-2908 concerns MeetMe products with a vulnerability in the call forwarding configuration module where credentials can be exposed via configuration files in versions prior to 2024-09. This is supported by multiple sources in the connected set (NVD/Red Hat/CIRC L/NVD entries). Impact stated...

8.5CVSS7.2AI score0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/05 2:55 p.m.3 views

CVE-2024-12799 Insufficiently Protected Credentials

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...

10CVSS6.6AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/05 2:55 p.m.10 views

CVE-2024-12799 Insufficiently Protected Credentials

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects...

10CVSS0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/05 12:0 a.m.7 views

PT-2025-9833 · Opentext · Opentext Identity Manager Advanced Edition

Name of the Vulnerable Software and Affected Versions: OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.9.0.0 Description: The issue is related to insufficiently protected credentials, allowing an authenticated user to obtain higher privileged user’s sensitive information via...

10CVSS5.7AI score0.0036EPSS
Exploits0References16
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/03 1:31 p.m.7 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...

7.5CVSS6.7AI score0.00442EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/02/27 8:2 a.m.5 views

Insufficiently Protected Credentials

leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...

6.6AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS5.8AI score0.83178EPSS
Exploits7References1
Snyk
Snyk
added 2025/02/21 10:15 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to improper cache control. An attacker can view sensitive information even if they are not logged into the account anymore. Remediation Upgrade leantime/leantime to version 3.3 or higher...

5.7CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2025/02/21 10:15 p.m.7 views

GHSA-H6W8-27PH-C385 Leantime has Insufficiently Protected Credentials

Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...

5.7CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added 2025/02/19 11:34 p.m.12 views

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

6.3CVSS0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:2 a.m.14 views

CVE-2024-21815

Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

9.1CVSS6.7AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:59 p.m.5 views

CVE-2024-4228

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO Single Sign On allows SQL Injection. This issue...

9.8CVSS5.9AI score0.00475EPSS
Exploits0References1
Snyk
Snyk
added 2025/01/23 8:42 p.m.1 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the manipulation of datastreams. An attacker can read local files by exploiting the default credentials and privileges of the service account fedoraIntCallUser. Remediation Upgrade...

8.7CVSS5.8AI score0.00412EPSS
Exploits0References2
Veracode
Veracode
added 2025/01/07 6:17 a.m.10 views

Insufficiently Protected Credentials

GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials due to storing cleartext passwords for the configured IMAP and SMTP servers, exposing sensitive information to attackers...

7.5CVSS6.4AI score0.00358EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder