Falhas do tipo CWE-522
555 resultadosCVE-2023-27126MEDIUMThe AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An atEPSS 0.4%CVE-2024-38453HIGHThe Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-EPSS 0.4%CVE-2021-36204HIGHInsufficiently Protected Credentials in Metasys EPSS 0.4%CVE-2023-23466MEDIUMMedia CP Media Control Panel – insufficiently protected credential changeEPSS 0.4%CVE-2024-4536MEDIUMEclipse EDC: OAuth2 Credential Exfiltration VulnerabilityEPSS 0.4%CVE-2023-1518HIGHCP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to
sensitive credentials being leaked because they are insufficiently
pEPSS 0.4%CVE-2022-41247MEDIUMJenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins cEPSS 0.4%CVE-2025-0619MEDIUMUnsafe stored password recoveryEPSS 0.4%CVE-2024-51545CRITICALUsername EnumerationEPSS 0.4%CVE-2024-42457HIGHA vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combinatiEPSS 0.4%CVE-2022-2967MEDIUMProsys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credEPSS 0.4%CVE-2026-21670HIGHA vulnerability allowing a low-privileged user to extract saved SSH credentials.EPSS 0.4%CVE-2024-50699HIGHTP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials forEPSS 0.4%CVE-2024-22266MEDIUMVMware Avi Load Balancer updates address multiple vulnerabilitiesEPSS 0.4%CVE-2024-31800MEDIUMAuthentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell EPSS 0.4%CVE-2019-10224MEDIUMA flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may diEPSS 0.4%CVE-2023-50310MEDIUMIBM CICS Transaction Gateway for Multiplatforms information disclosureEPSS 0.4%CVE-2025-15617HIGHWazuh GitHub Actions Workflow Exposure of Sensitive CredentialsEPSS 0.4%CVE-2025-26492HIGHIn JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resourcesEPSS 0.4%CVE-2022-27544MEDIUMHCL BigFix Web Reports authorized users may see sensitive information in clear textEPSS 0.4%