CVEs classified under CWE-523, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2024-1509 — CVSS 9.1 (critical): Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be…
CVE-2025-57800 — CVSS 8.8 (high): Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict…
CVE-2025-61121 — CVSS 7.5 (high): Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a…
CVE-2022-31805 — CVSS 7.5 (high): In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and…
CVE-2025-64309 — CVSS 7.4 (high): The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users…
CVE-2024-4188: Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects…
CVE-2025-41705 — CVSS 6.8 (medium): An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.
CVE-2026-23635 — CVSS 6.5 (medium): Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security…
CVE-2025-64308 — CVSS 6.5 (medium): The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's…
CVE-2024-1102 — CVSS 6.5 (medium): A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and…
CVE-2024-20395 — CVSS 6.4 (medium): A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to…
CVE-2026-8673 — CVSS 5.9 (medium): Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue…
CVE-2023-22862 — CVSS 5.9 (medium): IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is…
CVE-2023-28708 — CVSS 4.3 (medium): When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https…
CVE-2026-8668: A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages…