CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation Upgrade...

Dell iDRAC10 < 1.30.10.50 Insufficiently Protected Credentials (DSA-2026-187)

The version of Dell iDRAC10 installed on the remote host is affected by an insufficiently protected credentials vulnerability as referenced in the DSA-2026-187 advisory. - Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

CVE-2026-35155

Dell iDRAC10 (versions 1.20.70.50 and 1.30.05.10) is affected by an Insufficiently Protected Credentials vulnerability due to a race condition that could let an authenticated, low-privileged attacker elevate privileges. The issue concerns credential protection handling within the affected compone...

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

PT-2026-35868

Name of the Vulnerable Software and Affected Versions Dell iDRAC10 version 1.20.70.50 Dell iDRAC10 version 1.30.05.10 Description An insufficiently protected credentials issue exists due to a race condition, which is a situation where the system's substantive behavior is dependent on the sequence...

CVE-2026-32171

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

CVE-2026-5380 runZero Platform cleartext secret exposure

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

PT-2026-23866

Name of the Vulnerable Software and Affected Versions DSA Study Hub versions prior to commit d527fba Description The user authentication system in the application’s server/routes/auth.js component had a flaw related to insufficiently protected credentials. Authentication tokens, specifically JWTs...

CVE-2026-27770 ePower epower.ie Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-1223

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

PT-2025-50905

Name of the Vulnerable Software and Affected Versions Apache Fineract versions through 1.11.0 Description A flaw exists in Apache Fineract related to insufficiently protected credentials. Upgrade to version 1.13.0, the latest release, to address this issue. The issue is resolved in version 1.12.1...

CVE-2025-36096 AIX Insufficiently Protected Credentials

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques...

EUVD-2025-37477

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

EUVD-2022-30900

Malicious code in bioql PyPI...

EUVD-2025-18956

Malicious code in bioql PyPI...

EUVD-2023-35503

Malicious code in bioql PyPI...

EUVD-2025-31136

Malicious code in bioql PyPI...

EUVD-2022-36214

Malicious code in bioql PyPI...