CWE-312: Cleartext Storage of Sensitive Information
796 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-312 (page 14 of 16)
- CVE-2024-8459 | HIGH | CVSS 7.2 | EG 7.2 | 2024-09-30
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.
- CVE-2024-8644 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-27
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.
- CVE-2024-8689 | MEDIUM | CVSS 6.0 | EG 0.0 | 2024-09-11
A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.
- CVE-2024-9040 | LOW | CVSS 2.3 | EG 2.3 | 2024-09-20
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on …
- CVE-2024-9432 | MEDIUM | CVSS 6.9 | EG 0.0 | 2026-01-30
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X.
- CVE-2024-9466 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-09
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
- CVE-2024-9798 | CRITICAL | CVSS 9.0 | EG 9.0 | 2024-10-10
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
- CVE-2024-9802 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-10-10
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise abo…
- CVE-2024-9991 | HIGH | CVSS 7.0 | EG 0.0 | 2024-10-25
This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary dat…
- CVE-2025-0123 | MEDIUM | CVSS 5.9 | EG 0.0 | 2025-04-11
A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-pac…
- CVE-2025-0142 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-30
Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2025-0418 | MEDIUM | CVSS 5.2 | EG 0.0 | 2025-04-01
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
- CVE-2025-10464 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-09
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the pr…
- CVE-2025-11009 | MEDIUM | CVSS 5.1 | EG 5.1 | 2025-12-17
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to ob…
- CVE-2025-12679 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-02
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to acc…
- CVE-2025-12680 | MEDIUM | CVSS 4.9 | EG 4.9 | 2026-02-02
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to a…
- CVE-2025-12772 | MEDIUM | CVSS 4.9 | EG 4.9 | 2026-02-02
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file…
- CVE-2025-12774 | HIGH | CVSS 7.5 | EG 7.5 | 2026-02-03
A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database SQL queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file could open the file and …
- CVE-2025-14377 | HIGH | CVSS 8.8 | EG 0.0 | 2026-01-20
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the…
- CVE-2025-14815 | CRITICAL | CVSS 9.3 | EG 0.0 | 2026-04-08
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, M…
- CVE-2025-14836 | LOW | CVSS 2.7 | EG 2.7 | 2025-12-17
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remo…
- CVE-2025-1499 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-06-01
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
- CVE-2025-21060 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-10
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.
- CVE-2025-21061 | HIGH | CVSS 7.1 | EG 7.1 | 2025-10-10
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.
- CVE-2025-2120 | LOW | CVSS 2.1 | EG 2.1 | 2025-03-09
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipul…
- CVE-2025-2181 | MEDIUM | CVSS 5.9 | EG 0.0 | 2025-08-13
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.
- CVE-2025-2182 | MEDIUM | CVSS 5.6 | EG 0.0 | 2025-08-13
A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NG…
- CVE-2025-2189 | MEDIUM | CVSS 5.1 | EG 0.0 | 2025-03-11
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obt…
- CVE-2025-22896 | HIGH | CVSS 8.6 | EG 8.6 | 2025-02-13
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
- CVE-2025-23027 | MEDIUM | CVSS 6.3 | EG 0.0 | 2025-01-13
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN is committed in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.
- CVE-2025-23215 | CRITICAL | CVSS 9.3 | EG 0.0 | 2025-01-31
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, …
- CVE-2025-23291 | LOW | CVSS 2.4 | EG 2.4 | 2025-09-30
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
- CVE-2025-25613 | HIGH | CVSS 7.5 | EG 6.5 | 2025-11-20
FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing userna…
- CVE-2025-25758 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-20
An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the AndroidManifest.xml.
- CVE-2025-26495 | HIGH | CVSS 7.5 | EG 7.5 | 2025-02-11
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.1…
- CVE-2025-27460 | HIGH | CVSS 7.6 | EG 7.6 | 2025-07-03
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, c…
- CVE-2025-27532 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-30
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to access secret information via multiple crafted HTTP requests.
- CVE-2025-27622 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-05
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of se…
- CVE-2025-27623 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-05
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
- CVE-2025-27685 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-05
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001.
- CVE-2025-2770 | MEDIUM | CVSS 6.5 | EG 4.9 | 2025-04-23
BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authenti…
- CVE-2025-2909 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-03-28
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.
- CVE-2025-2922 | LOW | CVSS 2.0 | EG 2.0 | 2025-03-28
A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information…
- CVE-2025-30124 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-28
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dash…
- CVE-2025-31725 | MEDIUM | CVSS 5.5 | EG 4.3 | 2025-04-02
Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
- CVE-2025-31726 | MEDIUM | CVSS 5.5 | EG 4.3 | 2025-04-02
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller f…
- CVE-2025-31727 | MEDIUM | CVSS 5.5 | EG 4.3 | 2025-04-02
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins …
- CVE-2025-32353 | HIGH | CVSS 8.2 | EG 4.8 | 2025-07-16
Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.
- CVE-2025-32752 | MEDIUM | CVSS 5.7 | EG 4.9 | 2025-05-29
Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
- CVE-2025-33081 | LOW | CVSS 3.3 | EG 4.3 | 2026-02-03
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.