Weaknesses of type CWE-522
555 results

CVE | Severity | Title | EPSS
CVE-2020-14489 | MEDIUM | OpenClinic GA | 1.0%
CVE-2022-45599 | CRITICAL | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to ga | 1.0%
CVE-2021-41300 | CRITICAL | ECOA BAS controller - Insufficiently Protected Credentials-2 | 0.9%
CVE-2023-49280 | HIGH | Data leak of password hash through xwiki change request | 0.9%
CVE-2021-23196 | HIGH | Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials | 0.9%
CVE-2023-35348 | MEDIUM | Active Directory Federation Service Security Feature Bypass Vulnerability | 0.9%
CVE-2017-0925 | — | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration AP | 0.9%
CVE-2019-11284 | MEDIUM | Reactor Netty authentication leak in redirects | 0.9%
CVE-2021-22798 | — | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed | 0.9%
CVE-2021-3528 | — | A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core | 0.9%
CVE-2020-5263 | MEDIUM | Information disclosure through error object | 0.9%
CVE-2023-33263 | HIGH | In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: | 0.9%
CVE-2021-33024 | LOW | Philips Vue PACS Insufficiently Protected Credentials | 0.9%
CVE-2023-31824 | — | An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access | 0.9%
CVE-2022-4612 | MEDIUM | Click Studios Passwordstate insufficiently protected credentials | 0.9%
CVE-2024-51984 | MEDIUM | Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. | 0.8%
CVE-2024-47081 | MEDIUM | Requests vulnerable to .netrc credentials leak via malicious URLs | 0.8%
CVE-2014-1423 | MEDIUM | Online Accounts Signon daemon gives out all oauth tokens to any app | 0.8%
CVE-2025-27648 | CRITICAL | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-20 | 0.8%
CVE-2025-27650 | CRITICAL | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-20 | 0.8%