CWE-256: CWE-256
Yearly Trend
Top Affected Vendors
All CWE-256 CVEs (58)
Quick.Cart stores user passwords in plaintext, allowing attackers with administrative privileges to view them on the user editing page. This affects a...
Feb 5, 2026The Simple History WordPress plugin versions before 5.8.1 expose user passwords in clear text when Detective Mode is enabled. When users submit login ...
Jun 6, 2025IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.9 store secret keys containing user credentials in clear text. This allows privil...
Dec 18, 2024IBM Jazz Reporting Service 7.0.3 stores user credentials in plain text, allowing administrative users to read sensitive authentication data. This vuln...
Jun 13, 2024The Jenkins QMetry Test Management Plugin 1.13 and earlier exposes API keys in plain text on job configuration forms instead of masking them. This all...
Jul 9, 2025The Jenkins Cadence vManager Plugin stores Verisium Manager vAPI keys unencrypted in job configuration files on the Jenkins controller. This allows us...
Apr 2, 2025This vulnerability allows attackers with physical access to retrieve administrative passwords stored in plaintext. It affects systems where specific s...
Jul 31, 2024This vulnerability allows unauthorized users to obtain the admin password for WODESYS WD-R608U routers by accessing a configuration file where it's st...
Dec 18, 2025About CWE-256 (CWE-256)
Our database tracks 58 CVEs classified as CWE-256, with 5 rated critical and 23 rated high severity. The average CVSS score for CWE-256 vulnerabilities is 6.8.
External reference: View CWE-256 on MITRE CWE →
Monitor CWE-256 Vulnerabilities
Get alerted when new CWE-256 CVEs affect your infrastructure.
Start Monitoring Free