CVE-2023-31277
7.5HIGH
PiiGAB M-Bus transmits credentials in plaintext format.
PiiGAB M-Bus transmits credentials in plaintext format.
7/6/2023CWE-523
CVE-2025-64308
7.5HIGH
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
11/15/2025CWE-523
CVE-2025-41705
6.8MEDIUM
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.
10/14/2025CWE-523
CVE-2024-4188
NONE
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.
7/30/2024CWE-523
CVE-2025-64309
8.6HIGH
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthentica
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthentica...
11/15/2025CWE-523
CVE-2024-1102
6.5MEDIUM
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
4/25/2024CWE-523, CWE-200
CVE-2023-22862
5.9MEDIUM
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
6/5/2023CWE-523, CWE-522
CVE-2021-32003
8.0HIGH
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secom
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secom...
8/5/2021CWE-523, CWE-522
CVE-2022-31805
7.5HIGH
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
6/24/2022CWE-523
CVE-2021-38460
7.5HIGH
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs o
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs o...
10/12/2021CWE-523, CWE-22
CVE-2017-16731
8.8HIGH
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentica
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentica...
12/20/2017CWE-523, CWE-522
CVE-2025-61121
7.5HIGH
Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service
Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service ...
10/30/2025CWE-523
CVE-2024-1509
NONE
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only comm
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only comm...
2/28/2025CWE-523
CVE-2023-28708
4.3MEDIUM
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 1
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 1...
3/22/2023CWE-523
CVE-2025-57800
8.8HIGH
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attack
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attack...
8/22/2025CWE-523, CWE-598 +1
CVE-2025-66029
7.6HIGH
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create...
12/17/2025CWE-522, CWE-523