CWE-522 (Insufficiently Protected Credentials) — Vulnerability Class 366

366 vulnerabilities classified as CWE-522 (Insufficiently Protected Credentials). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-39462 | SenseLive X3050 Insufficiently Protected Credentials — X3050 | 8.1 | High | 2026-04-23 |
| CVE-2026-41345 | OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-6408 | Tanium addressed an information disclosure vulnerability in Tanium Server. — Tanium Server | 2.7 | Low | 2026-04-22 |
| CVE-2025-15622 | Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret — Sparx Enterprise Architect | 6.5 AI | Medium AI | 2026-04-17 |
| CVE-2025-36568 | Dell PowerProtect Data Domain Security Vulnerability — PowerProtect Data Domain BoostFS | 7.8 | High | 2026-04-17 |
| CVE-2025-15621 | Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication — Sparx Enterprise Architect | 8.8 AI | High AI | 2026-04-16 |
| CVE-2026-32171 | Azure Logic Apps Elevation of Privilege Vulnerability — Azure Logic Apps | 8.8 | High | 2026-04-14 |
| CVE-2026-27316 | Fortinet FortiSandbox Security Vulnerability — FortiSandbox | 2.5 | Low | 2026-04-14 |
| CVE-2026-34262 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer — SAP HANA Cockpit and HANA Database Explorer | 5.0 | Medium | 2026-04-14 |
| CVE-2026-35467 | Private Key stored as extractable in browser IndexeDB — cveClient/encrypt-storage.js | 7.5 AI | High AI | 2026-04-02 |
| CVE-2026-33575 | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes — OpenClaw | 7.5 | High | 2026-03-29 |
| CVE-2025-15617 | Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials — Wazuh (GitHub Actions) | 6.5 | Medium | 2026-03-27 |
| CVE-2025-13478 | Cache Misconfiguration Leading to Cross-User Data Exposure — Identity Manager | 3.1 | - | 2026-03-27 |
| CVE-2025-36440 | Multiple Vulnerabilities in IBM Concert Software — Concert | 5.1 | Medium | 2026-03-25 |
| CVE-2025-14790 | IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information — InfoSphere Information Server | 6.5 | Medium | 2026-03-25 |
| CVE-2025-64998 | Session hijacking via exposed session signing secret in distributed Checkmk setups — Checkmk | 6.5 | - | 2026-03-24 |
| CVE-2026-32913 | OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects — OpenClaw | 9.3 | Critical | 2026-03-23 |
| CVE-2026-31926 | IGL-Technologies eParking.fi Insufficiently Protected Credentials — eParking.fi | 6.5 | Medium | 2026-03-20 |
| CVE-2026-28204 | CTEK Chargeportal Insufficiently Protected Credentials — Chargeportal | 6.5 | Medium | 2026-03-20 |
| CVE-2026-23658 | Azure DevOps: msazure Elevation of Privilege Vulnerability — Azure DevOps: msazure | 8.6 | High | 2026-03-19 |
| CVE-2026-32606 | IncusOS has a LUKS encryption bypass due to insufficient TPM policy — incus-os | 7.7 | High | 2026-03-18 |
| CVE-2026-27027 | Everon api.everon.io Insufficiently Protected Credentials — api.everon.io | 6.5 | Medium | 2026-03-06 |
| CVE-2026-27777 | Mobiliti e-mobi.hu Insufficiently Protected Credentials — e-mobi.hu | 6.5 | Medium | 2026-03-06 |
| CVE-2026-28714 | Acronis Cyber Protect Security Vulnerability — Acronis Cyber Protect 17 | 7.5 | - | 2026-03-05 |
| CVE-2026-27770 | ePower epower.ie Insufficiently Protected Credentials — epower.ie | 6.5 | Medium | 2026-03-05 |
| CVE-2026-29128 | IDC SFX2100 Satellite Receiver bgpd/ospfd/ripd/zebra Config Credential Disclosure via World-Readable Files — SFX2100 Satellite Receiver | 9.8 | - | 2026-03-05 |
| CVE-2026-0689 | XIQ‑SE NAC Admin Credential Exposure via HTTP Response — ExtremeCloud IQ - Site Engine | 4.9 AI | Medium AI | 2026-03-02 |
| CVE-2026-20435 | MediaTek Chipsets Security Vulnerability — MediaTek chipset | 4.2 AI | Medium AI | 2026-03-02 |
| CVE-2026-22878 | Mobility46 mobility46.se Insufficiently Protected Credentials — mobility46.se | 6.5 | Medium | 2026-02-27 |
| CVE-2026-25774 | EV Energy ev.energy Insufficiently Protected Credentials — ev.energy | 6.5 | Medium | 2026-02-27 |

366 CVEs are classified as CWE-522 (Insufficiently Protected Credentials). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.