CWE-522 (Insufficiently Protected Credentials) — Vulnerability Class 367

367 vulnerabilities classified as CWE-522 (Insufficiently Protected Credentials). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55306 | GenX_FX authentication bypass in JWT validation — GenX_FX | 9.8 | Critical | 2025-08-19 |
| CVE-2025-40751 | Siemens SIMATIC RTLS Locating Manager security vulnerability — SIMATIC RTLS Locating Manager | 6.3 | Medium | 2025-08-12 |
| CVE-2025-54882 | Himmelblau's Kerberos credential cache collection is world readable — himmelblau | 7.1 | High | 2025-08-07 |
| CVE-2025-54876 | Jans CLI stores plaintext passwords in the local cli_cmd.log file — jans | 5.5 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-38739 | Dell Digital Delivery security vulnerability — Dell Digital Delivery | 7.2 | High | 2025-08-04 |
| CVE-2025-53008 | GLPI's MailCollector Receiver is vulnerable to credential exfiltration — glpi | 6.5 | Medium | 2025-07-30 |
| CVE-2025-5922 | Retrievable password hash protecting TSplus admin console — TSplus Remote Access | 8.8 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-54428 | RevelaCode exposes Sensitive MongoDB Atlas URI in .env (potential credential leak) — RevelaCode-Backend | 9.8 | Critical | 2025-07-28 |
| CVE-2025-34139 | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read — Experience Manager (XM) | 7.5 | - | 2025-07-25 |
| CVE-2025-6227 | Invite token is used as part of the secure communication — Mattermost | 2.2 | Low | 2025-07-18 |
| CVE-2025-34078 | NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface — NSClient++ | 7.8 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-6081 | Pass-back attack in Konica Minolta bizhub 227 multifunctional printers — bizhub 227 Multifunction printers | 6.8 | Medium | 2025-07-01 |
| CVE-2024-49364 | tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment — tiny-secp256k1 | 7.5 (AI) | High (AI) | 2025-07-01 |
| CVE-2024-51984 | Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDN | 6.8 | Medium | 2025-06-25 |
| CVE-2025-6526 | 70mai M300 HTTP Server insufficiently protected credentials — M300 | 3.1 | Low | 2025-06-23 |
| CVE-2025-30183 | CyberData 011209 SIP Emergency Intercom Insufficiently Protected Credentials — 011209 SIP Emergency Intercom | 7.5 | High | 2025-06-09 |
| CVE-2024-47081 | Requests vulnerable to .netrc credentials leak via malicious URLs — requests | 5.3 | Medium | 2025-06-09 |
| CVE-2025-3480 | MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability — WEB DICOM Viewer | 6.5 (AI) | Medium (AI) | 2025-05-22 |
| CVE-2025-3079 | Canon ImageRunner security vulnerability — imageRUNNER Series | 8.7 | High | 2025-05-19 |
| CVE-2025-3078 | Canon ImageRunner security vulnerability — imageRUNNER ADVANCE Series | 8.7 | High | 2025-05-19 |
| CVE-2025-4679 | Synology Active Backup security vulnerability — Active Backup for Microsoft 365 | 6.5 | Medium | 2025-05-16 |
| CVE-2025-2772 | BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability — Multiple Routers | 6.5 | - | 2025-04-23 |
| CVE-2025-32963 | Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS — operator | 9.9 | - | 2025-04-22 |
| CVE-2025-22372 | Insecure password storage in SicommNet BASEC — BASEC | 6.5 (AI) | Medium (AI) | 2025-04-14 |
| CVE-2025-27192 | Adobe Commerce \| Insufficiently Protected Credentials (CWE-522) — Adobe Commerce | 2.7 | Low | 2025-04-08 |
| CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability — Azure Local Cluster | 7.3 | High | 2025-04-08 |
| CVE-2025-2908 | Insufficiently Protected Credentials vulnerability in MeetMe products — MeetMe | 7.5 | - | 2025-03-28 |
| CVE-2024-47109 | IBM Sterling File Gateway information disclosure — Sterling File Gateway | 5.3 | Medium | 2025-03-10 |
| CVE-2025-1886 | Pass-Back vulnerability in Sage 200 Spain — Sage 200 Spain | 4.9 | - | 2025-03-07 |
| CVE-2024-12799 | Insufficiently Protected Credentials — Identity Manager Advanced Edition | 9.1 | - | 2025-03-05 |

Vulnerabilities classified as CWE-522 (Insufficiently Protected Credentials) represent 367 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.