CWE-522 · Insufficiently Protected Credentials

1372 CVEs classified under CWE-522 (Insufficiently Protected Credentials). Browse by severity and year.

Top CVEs for CWE-522
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-7312 | Critical | 10.0 | 2026-06-02 | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1… |
| CVE-2026-42869 | Critical | 10.0 | 2026-05-11 | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded… |
| CVE-2026-29128 | Critical | 10.0 | 2026-03-05 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are own… |
| CVE-2025-54863 | Critical | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely… |
| CVE-2024-51545 | Critical | 10.0 | 2024-12-05 | Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Ente… |
| CVE-2023-1778 | Critical | 10.0 | 2023-04-27 | This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows… |
| CVE-2021-30116 | Critical | 10.0 | 2021-07-09 | Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the… |
| CVE-2020-6961 | Critical | 10.0 | 2020-01-24 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE… |
| CVE-2019-16649 | Critical | 10.0 | 2019-09-21 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of… |
| CVE-2025-64420 | Critical | 9.9 | 2026-01-05 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434… |
| CVE-2025-0867 | Critical | 9.9 | 2025-02-14 | The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the… |
| CVE-2024-9014 | Critical | 9.9 | 2024-09-23 | pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the c… |
| CVE-2021-36783 | Critical | 9.9 | 2022-09-07 | An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members t… |
| CVE-2019-1384 | Critical | 9.9 | 2019-11-12 | A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an a… |
| CVE-2026-43992 | Critical | 9.8 | 2026-05-12 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract… |
| CVE-2026-21660 | Critical | 9.8 | 2026-02-27 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22… |
| CVE-2026-23958 | Critical | 9.8 | 2026-01-22 | Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing sec… |
| CVE-2026-22043 | Critical | 9.8 | 2026-01-08 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IA… |
| CVE-2025-34207 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH c… |
| CVE-2025-34196 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain… |