Lucene search
K

364 matches found

NVD
NVD
added 2026/04/07 3:17 p.m.4 views

CVE-2026-5380

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 2:12 p.m.27 views

CVE-2026-5380 runZero Platform cleartext secret exposure

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.10 views

PT-2026-30875

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS5.8AI score0.00196EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:6 p.m.2 views

CVE-2025-14790

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/16 4:26 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module TPM during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...

7.6CVSS5.9AI score0.0014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/09 8:1 a.m.7 views

CVE-2026-28678

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens JWTs were stored in HTTP cookies without cryptographic protection...

9.1CVSS5.7AI score0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/03/07 4:6 p.m.6 views

CVE-2026-28678 dsa-hub-server: Clear-Text Storage of Sensitive Data

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens JWTs were stored in HTTP cookies without cryptographic protection...

8.1CVSS5.7AI score0.00165EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/07 4:6 p.m.6 views

EUVD-2026-10157

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens JWTs were stored in HTTP cookies without cryptographic protection...

8.1CVSS5.7AI score0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:6 p.m.5 views

CVE-2026-28678

Further research determined the issue is not a vulnerability...

5.8AI score0.00165EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/05 12:0 a.m.7 views

Rockwell Multiple Products Insufficient Protected Credentials Vulnerability

Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this...

9.8CVSS5.9AI score0.25455EPSS
In wildExploits1
Cvelist
Cvelist
added 2026/02/27 12:15 a.m.20 views

CVE-2026-25774 EV Energy ev.energy Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00279EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/04 8:43 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the use of SHA1 PCRs when sealing and unsealing the vault key. An attacker can bypass integrity checks and modify configuration files undetected by measured boot and remote attestation by...

8.8CVSS8AI score0.00106EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/29 10:4 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...

6.9CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/29 10:4 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...

6.9CVSS5.9AI score0.00336EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 7:19 a.m.14 views

CVE-2026-1223

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

6.9CVSS5.5AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 12:31 a.m.10 views

EUVD-2025-206310

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

8.5CVSS5.4AI score0.00169EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 9:36 p.m.2 views

CVE-2025-58741

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

8.5CVSS5.3AI score0.00169EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/01/20 7:15 a.m.6 views

CVE-2026-1223

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

6.9CVSS0.00363EPSS
Exploits0References2
CVE
CVE
added 2026/01/20 6:35 a.m.19 views

CVE-2026-1223

Summary: CVE-2026-1223 affects the PrismX MX100 AP controller by Browan Communications, describing an Insufficiently Protected Credentials vulnerability that could allow privileged remote attackers to obtain SMTP plaintext passwords via the web frontend. The available documents do not specify aff...

6.9CVSS5.5AI score0.00363EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.11 views

PT-2026-3543

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

6.9CVSS5.5AI score0.00363EPSS
Exploits0References3
Rows per page
Query Builder