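CWE-522 Insufficiently Protected Credentials weakness class: summary of 389 CVE vulnerabilities, with AI analysis in Chinese.
CWE-522 is the insufficiently protected credentials weakness: the product transmits or stores authentication credentials using an insecure method, which leaves them open to interception or theft by unauthorized parties. Attackers typically obtain the sensitive information through man-in-the-middle attacks, network sniffing, or access to unencrypted storage media, and then impersonate legitimate users. Developers should avoid plaintext transmission, protect credentials in transit with encryption protocols such as TLS, and store them using a strong, salted hash algorithm, so that credential confidentiality and integrity are preserved.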
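
```php
// Username, new password and its confirmation all arrive in the URL query string.
$user = $_GET['user'];
$pass = $_GET['pass'];
$checkpass = $_GET['checkpass'];
// The password is set as soon as the two submitted copies match.
if ($pass == $checkpass) {
    SetUserPassword($user, $pass);
}
```

```java
...
// The database password is read from config.properties and passed straight to the connection.
Properties prop = new Properties();
prop.load(new FileInputStream("config.properties"));
String password = prop.getProperty("password");
DriverManager.getConnection(url, usr, password);
...
```

| CVE ID | Title | CVSS | Risk level | Published |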
|---|---|---|---|---|
| CVE-2026-53840 | OpenClaw <2026.5.12 MCP streamable HTTP cross-origin redirect custom header disclosure vulnerability — OpenClaw | 7.1 | High | 2026-06-16 |
| CVE-2026-6517 | Mattermost trust management issue vulnerability — Mattermost | 6.3 | Medium | 2026-06-15 |
| CVE-2026-49949 | CodexBar security vulnerability — CodexBar | 5.3 | Medium | 2026-06-11 |
| CVE-2026-41715 | Multiple products security vulnerability — Reactor Netty | 6.1 | Medium | 2026-06-09 |
| CVE-2026-39908 | OpenBullet2 security vulnerability — openbullet2 | 6.5 | Medium | 2026-06-08 |
| CVE-2026-46440 | Flowise security vulnerability — Flowise | - | - | 2026-06-08 |
| CVE-2026-49379 | JetBrains TeamCity security vulnerability — TeamCity | 6.5 | Medium | 2026-05-29 |
| CVE-2026-42951 | Danelec Marine Danelec MacGregor Voyage Data Recorder security vulnerability — MacGregor Voyage Data Recorder (VDR) G4e | 5.4 | Medium | 2026-05-29 |
| CVE-2024-47271 | Synology Surveillance Station security vulnerability — Surveillance Station | 4.9 | Medium | 2026-05-27 |
| CVE-2026-2255 | Hitachi Vantara Pentaho Data Integration & Analytics security vulnerability — Pentaho Data Integration and Analytics | 4.3 | Medium | 2026-05-27 |
| CVE-2026-9395 | Besen BS20 EV Charging Station security vulnerability — BS20 EV Charging Station | 3.5 | Low | 2026-05-24 |
| CVE-2026-0393 | CODESYS Visualization security vulnerability — Visualization | - | - | 2026-05-21 |
| CVE-2026-6345 | Mattermost security vulnerability — Mattermost | 6.5 | Medium | 2026-05-18 |
| CVE-2025-62312 | HCL AION security vulnerability — AION | 3.0 | Low | 2026-05-14 |
| CVE-2026-8368 | LWP::UserAgent security vulnerability — LWP::UserAgent | - | - | 2026-05-12 |
| CVE-2026-42295 | Argo Workflows security vulnerability — argo-workflows | 8.1 | - | 2026-05-09 |
| CVE-2026-41506 | go-git security vulnerability — go-git | 4.7 | Medium | 2026-05-08 |
| CVE-2025-62345 | HCL BigFix RunBookAI security vulnerability — BigFix RunBookAI | 2.7 | Low | 2026-05-06 |
| CVE-2026-23927 | Zabbix security vulnerability — Zabbix | 6.5 (AI) | Medium (AI) | 2026-05-06 |
| CVE-2026-42367 | GeoVision LPC2011 and GeoVision LPC2211 security vulnerability — GV-LPC2011/LPC2211 | 6.5 | Medium | 2026-05-04 |
| CVE-2026-6446 | WordPress plugin My Social Feeds – Social Feeds Embedder security vulnerability — My Social Feeds – Social Feeds Embedder Plugin for WordPress | 5.4 | Medium | 2026-05-02 |
| CVE-2026-35155 | Dell iDRAC10 security vulnerability — iDRAC10 | 7.1 | High | 2026-04-29 |
| CVE-2026-7038 | SSH MCP Server security vulnerability — ssh-mcp | 3.3 | Low | 2026-04-26 |
| CVE-2026-39462 | SenseLive X3050 security vulnerability — X3050 | 8.1 | High | 2026-04-23 |
| CVE-2026-41345 | OpenClaw security vulnerability — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-6408 | Tanium Server security vulnerability — Tanium Server | 2.7 | Low | 2026-04-22 |
| CVE-2025-15622 | Sparx Enterprise Architect security vulnerability — Sparx Enterprise Architect | 6.5 (AI) | Medium (AI) | 2026-04-17 |
| CVE-2025-36568 | Dell PowerProtect Data Domain security vulnerability — PowerProtect Data Domain BoostFS | 7.8 | High | 2026-04-17 |
| CVE-2025-15621 | Sparx Enterprise Architect security vulnerability — Sparx Enterprise Architect | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-32171 | Microsoft Azure Logic Apps security vulnerability — Azure Logic Apps | 8.8 | High | 2026-04-14 |

CWE-522 (Insufficiently Protected Credentials) is a common weakness class; this platform lists 389 CVE vulnerabilities associated with it.