CWE-522 不充分的凭证保护机制 类弱点 383 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-522属于凭据保护不足漏洞,指产品在传输或存储认证凭据时使用了不安全的方法,易导致凭据被未授权方拦截或窃取。攻击者通常通过中间人攻击、网络嗅探或访问未加密的存储介质来获取敏感信息,进而冒充合法用户。开发者应避免使用明文传输,采用TLS等加密协议保护传输过程,并在存储时使用强哈希算法加盐处理,确保凭据机密性与完整性。
$user = $_GET['user']; $pass = $_GET['pass']; $checkpass = $_GET['checkpass']; if ($pass == $checkpass) { SetUserPassword($user, $pass); }... Properties prop = new Properties(); prop.load(new FileInputStream("config.properties")); String password = prop.getProperty("password"); DriverManager.getConnection(url, usr, password); ...| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-49379 | JetBrains TeamCity 安全漏洞 — TeamCity | 6.5 | Medium | 2026-05-29 |
| CVE-2026-42951 | Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞 — MacGregor Voyage Data Recorder (VDR) G4e | 5.4 | Medium | 2026-05-29 |
| CVE-2024-47271 | Synology Surveillance Station 安全漏洞 — Surveillance Station | 4.9 | Medium | 2026-05-27 |
| CVE-2026-2255 | Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞 — Pentaho Data Integration and Analytics | 4.3 | Medium | 2026-05-27 |
| CVE-2026-9395 | Besen BS20 EV Charging Station 安全漏洞 — BS20 EV Charging Station | 3.5 | Low | 2026-05-24 |
| CVE-2026-0393 | CODESYS Visualization 安全漏洞 — Visualization | - | - | 2026-05-21 |
| CVE-2026-6345 | Mattermost 安全漏洞 — Mattermost | 6.5 | Medium | 2026-05-18 |
| CVE-2025-62312 | HCL AION 安全漏洞 — AION | 3.0 | Low | 2026-05-14 |
| CVE-2026-8368 | LWP::UserAgent 安全漏洞 — LWP::UserAgent | - | - | 2026-05-12 |
| CVE-2026-42295 | Argo Workflows 安全漏洞 — argo-workflows | 8.1 | - | 2026-05-09 |
| CVE-2026-41506 | go-git 安全漏洞 — go-git | 4.7 | Medium | 2026-05-08 |
| CVE-2025-62345 | HCL BigFix RunBookAI 安全漏洞 — BigFix RunBookAI | 2.7 | Low | 2026-05-06 |
| CVE-2026-23927 | Zabbix 安全漏洞 — Zabbix | 6.5AI | MediumAI | 2026-05-06 |
| CVE-2026-42367 | GeoVision LPC2011和GeoVision LPC2211 安全漏洞 — GV-LPC2011/LPC2211 | 6.5 | Medium | 2026-05-04 |
| CVE-2026-6446 | WordPress plugin My Social Feeds – Social Feeds Embedder 安全漏洞 — My Social Feeds – Social Feeds Embedder Plugin for WordPress | 5.4 | Medium | 2026-05-02 |
| CVE-2026-35155 | Dell iDRAC10 安全漏洞 — iDRAC10 | 7.1 | High | 2026-04-29 |
| CVE-2026-7038 | SSH MCP Server 安全漏洞 — ssh-mcp | 3.3 | Low | 2026-04-26 |
| CVE-2026-39462 | SenseLive X3050 安全漏洞 — X3050 | 8.1 | High | 2026-04-23 |
| CVE-2026-41345 | OpenClaw 安全漏洞 — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-6408 | Tanium Server 安全漏洞 — Tanium Server | 2.7 | Low | 2026-04-22 |
| CVE-2025-15622 | Sparx Enterprise Architect 安全漏洞 — Sparx Enterprise Architect | 6.5AI | MediumAI | 2026-04-17 |
| CVE-2025-36568 | Dell PowerProtect Data Domain 安全漏洞 — PowerProtect Data Domain BoostFS | 7.8 | High | 2026-04-17 |
| CVE-2025-15621 | Sparx Enterprise Architect 安全漏洞 — Sparx Enterprise Architect | 8.8AI | HighAI | 2026-04-16 |
| CVE-2026-32171 | Microsoft Azure Logic Apps 安全漏洞 — Azure Logic Apps | 8.8 | High | 2026-04-14 |
| CVE-2026-27316 | Fortinet FortiSandbox 安全漏洞 — FortiSandbox | 2.5 | Low | 2026-04-14 |
| CVE-2026-34262 | SAP HANA Cockpit和SAP HANA Database Explorer 安全漏洞 — SAP HANA Cockpit and HANA Database Explorer | 5.0 | Medium | 2026-04-14 |
| CVE-2026-35467 | cveClient 安全漏洞 — cveClient/encrypt-storage.js | 7.5AI | HighAI | 2026-04-02 |
| CVE-2026-33575 | OpenClaw 安全漏洞 — OpenClaw | 7.5 | High | 2026-03-29 |
| CVE-2025-15617 | Wazuh 安全漏洞 — Wazuh (GitHub Actions) | 6.5 | Medium | 2026-03-27 |
| CVE-2025-13478 | OpenText Identity Manager 安全漏洞 — Identity Manager | 3.1 | - | 2026-03-27 |
CWE-522(不充分的凭证保护机制) 是常见的弱点类别,本平台收录该类弱点关联的 383 条 CVE 漏洞。