44 matches found

Positive Technologies
added 2026/05/22 12:00 a.m., 5 views

PT-2026-42764

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0...

CVSS 5.9, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 1

Positive Technologies
added 2026/05/06 12:00 a.m., 2 views

PT-2026-37633

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated...

CVSS 4.8, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2

Github Security Blog
added 2026/04/20 3:34 a.m., 2 views

Langflow has an Information Leak through Incomplete API Key Redaction

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

CVSS 5.1, AI score 4.4, EPSS 0.00011
Exploits: 0, References: 6, Affected Software: 1

EUVD
added 2026/04/02 9:32 p.m., 1 view

EUVD-2026-18554

The stored API keys in temporary browser client is not marked as protected allowing for JavaScript console or other errors to allow for extraction of the encryption credentials...

AI score 5.9, EPSS 0.0001
Exploits: 0, References: 3

CVE
added 2026/03/25 8:06 p.m., 4 views

CVE-2025-14790

CVE-2025-14790 affects IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6). The IBM bulletin describes a sensitive information disclosure due to insufficiently protected credentials (CWE-522). Impact is information exposure without exploitation details provided. Remediation: upgrade to...

CVSS 6.5, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/03/25 5:16 p.m., 2 views

CVE-2026-23635

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVSS 6.5, EPSS 0.00047
Exploits: 0, References: 1

Cvelist
added 2026/03/25 4:57 p.m., 21 views

CVE-2026-23635 Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVSS 6.5, EPSS 0.00047
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:00 a.m., 4 views

Kiteworks Secure Data Forms Security Vulnerability

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks. It offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 contained security vulnerabilities. These vulnerabilities wer...

CVSS 6.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2

Positive Technologies
added 2026/03/25 12:00 a.m., 2 views

PT-2026-28094

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...

CVSS 6.5, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/03/24 5:22 p.m., 3 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information (CVE-2025-14790)

Summary: A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-14790. DESCRIPTION: IBM InfoSphere Information Server could allow an attacker to obtain sensitive information due to insufficiently protected credential...

CVSS 6.5, AI score 5.8, EPSS 0.0004
Exploits: 0, Affected Software: 1

EUVD
added 2026/03/19 9:30 p.m., 2 views

EUVD-2026-13174

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6, AI score 5.8, EPSS 0.00104
Exploits: 0, References: 2

Microsoft CVE
added 2026/03/19 2:00 p.m., 3 views

Azure DevOps: msazure Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.8, AI score 5.8, EPSS 0.00104
Exploits: 0

EUVD
added 2026/03/16 6:32 p.m., 3 views

EUVD-2026-12468

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...

CVSS 2.5, AI score 4.9, EPSS 0.00016
Exploits: 0, References: 5

NVD
added 2026/03/16 5:16 p.m., 2 views

CVE-2026-4251

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...

CVSS 2.5, EPSS 0.00016
Exploits: 0, References: 4

Cvelist
added 2026/03/07 4:06 p.m., 25 views

CVE-2026-28678 dsa-hub-server: Clear-Text Storage of Sensitive Data

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection...

CVSS 8.1, EPSS 0.00034
Exploits: 0, References: 2

Positive Technologies
added 2026/01/12 12:00 a.m., 2 views

PT-2026-1946

Name of the Vulnerable Software and Affected Versions: Broadcom DX NetOps Spectrum versions 24.3.13 and earlier. Description: A flaw exists in Broadcom DX NetOps Spectrum on Windows and Linux that allows for sniffing attacks due to insufficiently protected credentials. Recommendations: Update to a...

CVSS 7.5, AI score 6.5, EPSS 0.0006
Exploits: 0, References: 6

RedhatCVE
added 2026/01/09 9:07 a.m., 4 views

CVE-2020-7306

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text...

CVSS 5.2, AI score 7.1, EPSS 0.00044
Exploits: 0, References: 1

Positive Technologies
added 2026/01/02 12:00 a.m., 3 views

PT-2026-1137

Name of the Vulnerable Software and Affected Versions: Nuvation Energy Multi-Stack Controller (MSC) versions through 2.5.1. Description: A weakness exists in the Nuvation Energy Multi-Stack Controller (MSC) that allows Signature Spoofing by Key Theft due to insufficiently protected credentials. This cou...

CVSS 9.3, AI score 6.6, EPSS 0.00082
Exploits: 0, References: 4

CNVD
added 2025/12/29 12:00 a.m., 1 view

NVIDIA Isaac Launchable Trust Management Issue Vulnerability

NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a trust management issue vulnerability that stems from improperly protected credentials...

CVSS 9.8, AI score 6, EPSS 0.00159
Exploits: 0, References: 1

NVD
added 2025/12/10 12:16 a.m., 1 view

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

CVSS 5.3, EPSS 0.0005
Exploits: 0, References: 1