CWE-522 · Insufficiently Protected Credentials
1372 CVEs classified under CWE-522 (Insufficiently Protected Credentials). Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-7312 | Critical | 10.0 | 2026-06-02 | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1… |
| CVE-2026-42869 | Critical | 10.0 | 2026-05-11 | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded… |
| CVE-2026-29128 | Critical | 10.0 | 2026-03-05 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are own… |
| CVE-2025-54863 | Critical | 10.0 | 2025-11-04 | Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely… |
| CVE-2024-51545 | Critical | 10.0 | 2024-12-05 | Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Ente… |
| CVE-2023-1778 | Critical | 10.0 | 2023-04-27 | This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows… |
| CVE-2021-30116 | Critical | 10.0 | 2021-07-09 | Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the… |
| CVE-2020-6961 | Critical | 10.0 | 2020-01-24 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE… |
| CVE-2019-16649 | Critical | 10.0 | 2019-09-21 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of… |
| CVE-2025-64420 | Critical | 9.9 | 2026-01-05 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434… |
| CVE-2025-0867 | Critical | 9.9 | 2025-02-14 | The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the… |
| CVE-2024-9014 | Critical | 9.9 | 2024-09-23 | pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the c… |
| CVE-2021-36783 | Critical | 9.9 | 2022-09-07 | An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members t… |
| CVE-2019-1384 | Critical | 9.9 | 2019-11-12 | A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an a… |
| CVE-2026-43992 | Critical | 9.8 | 2026-05-12 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract… |
| CVE-2026-21660 | Critical | 9.8 | 2026-02-27 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22… |
| CVE-2026-23958 | Critical | 9.8 | 2026-01-22 | Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing sec… |
| CVE-2026-22043 | Critical | 9.8 | 2026-01-08 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IA… |
| CVE-2025-34207 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH c… |
| CVE-2025-34196 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain… |