CWE-256: CWE-256

The Victure PC420 camera firmware version 1.1.39 contains a hardcoded root password stored in plaintext, allowing attackers to gain administrative acc...

CVE-2024-3622 is a vulnerability in mirror-registry for Quay installations where a default secret is stored in plain text in configuration files. This...

Dell EMC Repository Manager (DRM) version 3.2 stores proxy server passwords in plain text in a local database. This allows any authenticated local use...

Dell EMC System Update versions 1.9.2 and earlier store user credentials insecurely, allowing local attackers with user privileges to read passwords. ...

This vulnerability in Zabbix's front-end audit log allows unauthorized viewing of plaintext passwords. Attackers with access to the audit log interfac...

This vulnerability exposes LUKS disk encryption keys in plain text on legacy BIOS installations with specific manual partitioning configurations. It a...

Rockwell Automation ISaGRAF Runtime versions 4.x and 5.x store passwords in plaintext files in the same directory as the executable. This allows local...

CVE-2025-56527 allows attackers to steal plaintext passwords stored in the client's localStorage in Kotaemon 0.11.0. This affects all users of the vul...

QuickCMS version 6.8 contains hardcoded admin credentials stored in plaintext within a configuration file. Attackers with access to the source code or...

Draytek routers store passwords in plaintext instead of using secure hashing, allowing attackers with access to the device's storage to read sensitive...

Dell VxRail versions 8.0.000 through 8.0.311 store passwords in plaintext, allowing high-privileged attackers with local access to read sensitive cred...

Dell VxRail versions 7.0.000 through 7.0.532 store passwords in plaintext, allowing a high-privileged attacker with local access to read sensitive cre...

This vulnerability allows remote unauthenticated attackers to extract plaintext passwords from project files in Mitsubishi Electric PLC systems. Attac...

Rundeck 4.2.0 and 4.2.1 have a vulnerability where the Key Storage encryption mechanism fails to work properly, causing credentials to be stored in pl...

Dell PowerStore storage systems store certain user credentials in plain text, allowing locally authenticated attackers to read sensitive passwords. Th...

A vulnerability in Hitachi Energy Asset Suite's SOAP Web services allows attackers to bypass authentication mechanisms and expand password attack wind...

Toshiba printers have coredump binaries with incorrect permissions, allowing local attackers to read sensitive information. This affects specific Tosh...

A vulnerability in ABB's VideONet component within System 800xA versions allows attackers to disrupt or manipulate video feeds. This affects industria...

This vulnerability in Quay's mirror-registry exposes database credentials stored in plain-text within the jinja config.yaml file. An attacker with acc...

This vulnerability allows unauthenticated attackers to access the admin.xml file containing plaintext credentials for all users, including administrat...

Dell VxVerify versions before x.40.405 store passwords in plain text within shell wrapper files. A local high-privileged attacker can read these crede...

CVE-2024-28736 is a local privilege escalation vulnerability in Debezium Community UI version 2.5 that allows an attacker with local access to execute...

Dell CloudBoost Virtual Appliance versions before 19.14.0.0 store passwords in plaintext, allowing attackers with remote access and high privileges to...

This vulnerability in Dell CloudLink allows privileged users to escalate their privileges or access the database to obtain confidential information. I...

SoftPerfect Connection Quality Monitor v1.1 stores all credentials in plaintext, allowing attackers with access to the system to read sensitive authen...

The Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores sensitive credentials unencrypted in job configuration files on the Jenkins con...

The Jenkins IFTTT Build Notifier Plugin stores sensitive IFTTT Maker Channel Keys unencrypted in configuration files, allowing users with Item/Extende...

The Jenkins Apica Loadtest Plugin stores authentication tokens in plaintext within job configuration files, allowing users with Item/Extended Read per...

This vulnerability exposes PostgreSQL database credentials stored in plain text (partially base64 encoded) in SICK industrial control systems. Attacke...

Arista EOS devices with gNMI transport enabled may log or transmit remote server credentials when using the gNOI File TransferToRemote RPC. This affec...

Bosscomm IF740 OBD2 tablets store passwords in cleartext, allowing attackers with physical or logical access to read sensitive credentials. This affec...

IBM Common Licensing 9.0 stores user credentials in plain text, allowing local users to read sensitive authentication data. This affects systems runni...

This vulnerability allows attackers to decrypt sensitive data and impersonate legitimate users or devices by exploiting a cryptographic weakness (CWE-...

Turms Server versions v0.10.0-SNAPSHOT and earlier store administrator passwords in plaintext memory after successful login. Attackers with local syst...

CVE-2024-45283 is an information disclosure vulnerability in SAP NetWeaver AS for Java that allows authorized attackers to obtain usernames and passwo...

IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.9 store user credentials in plain text within pod files. This allows authenticate...

HCL Workload Scheduler stores user credentials in plain text files that can be read by local users on the system. This vulnerability allows unauthoriz...

This vulnerability in some Lenovo Tablets allows a local authenticated user or application to access sensitive device-specific information. It affects...

Vasion Print (formerly PrinterLogic) Virtual Appliance stores sensitive credentials in cleartext world-readable files, allowing any local user or proc...

IBM Datacap Navigator versions 9.1.5 through 9.1.9 store user credentials in plain text, allowing local users to read sensitive authentication data. T...

CVE-2024-4425 is a plain-text credential storage vulnerability in CemiPark software that allows attackers with unauthorized device access to retrieve ...

The Jenkins Sensedia Api Platform tools Plugin 1.0 fails to mask the Sensedia API Manager integration token on the global configuration form, exposing...

IBM InfoSphere Information Server 11.7 contains an information disclosure vulnerability where authenticated users can access sensitive local data unde...

Dell PowerProtect Data Manager versions 19.19 and 19.20 for Hyper-V store passwords in plaintext, allowing high-privileged local attackers to steal cr...

The Charmed MySQL K8s operator versions before revision 221 (Kubernetes) and revision 338 (machine operators) create temporary files containing databa...