CWE-522 vulnerabilities
555 results

CVE-2024-21815 [CRITICAL] Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticate (EPSS 0.3%)
CVE-2024-38291 [HIGH] In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. (EPSS 0.3%)
CVE-2025-64998 [HIGH] Session hijacking via exposed session signing secret in distributed Checkmk setups (EPSS 0.3%)
CVE-2026-3783 [MEDIUM] token leak with redirect and netrc (EPSS 0.3%)
CVE-2025-58366 [CRITICAL] Onyxia private helm repository credentials are leaked through unauthenticated API (EPSS 0.3%)
CVE-2017-2665 [MEDIUM] The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring. (EPSS 0.3%)
CVE-2026-45091 [CRITICAL] sealed-env: TOTP secret embedded in unseal token payload (enterprise mode) (EPSS 0.3%)
CVE-2026-54276 [MEDIUM] AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges (EPSS 0.3%)
CVE-2026-53632 [MEDIUM] NTLMv2 hash disclosure via UNC path handling on Windows (EPSS 0.3%)
CVE-2023-50311 [LOW] IBM CICS Transaction Gateway for Multiplatforms information disclosure (EPSS 0.3%)
CVE-2025-52095 [CRITICAL] An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll (EPSS 0.3%)
CVE-2020-8152 [—] Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decry (EPSS 0.3%)
CVE-2020-14391 [—] A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer (EPSS 0.3%)
CVE-2024-49364 [HIGH] tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment (EPSS 0.3%)
CVE-2026-32913 [HIGH] OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects (EPSS 0.3%)
CVE-2020-14334 [—] A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to (EPSS 0.3%)
CVE-2026-39908 [HIGH] OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source (EPSS 0.3%)
CVE-2020-1688 [MEDIUM] Junos OS: SRX and NFX Series: Insufficient Web API private key protection (EPSS 0.3%)
CVE-2025-0497 [HIGH] Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability (EPSS 0.3%)
CVE-2017-9552 [—] A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. (EPSS 0.3%)