Login Sign Up

CWE-312: CWE-312

140
Total CVEs
7
Critical
73
High
6.8
Avg CVSS

Yearly Trend

2026
12
2025
53
2024
37
2023
16
2022
5

Top Affected Vendors

1 Broadcom 5
2 Jenkins 5
3 Tp Link 3
4 Microsoft 3
5 Ibm 3
6 Redhat 3
7 Couchbase 2
8 Dell 2
9 Samsung 2
10 Mailenable 2

All CWE-312 CVEs (140)

CVE-2022-43757
9.9

CVE-2022-43757 is a cleartext storage vulnerability in SUSE Rancher that allows users on managed clusters to access sensitive credentials stored witho...

Feb 7, 2023
CVE-2025-65826
9.8

This CVE describes a mobile application that contains hardcoded Wi-Fi credentials for the vendor's development network. If attackers extract these cre...

Dec 10, 2025
CVE-2025-30124
9.8

This vulnerability affects Marbella KR8s Dashcam FF 2.0.8 devices, where inserting a new SD card causes the dashcam's password to be written in cleart...

Jul 28, 2025
CVE-2024-46340
9.8

This vulnerability in TP-Link TL-WR845N routers transmits user credentials in plaintext after a factory reset, allowing attackers to intercept login c...

Dec 10, 2024
CVE-2022-26148
9.8

This vulnerability exposes Zabbix account passwords in Grafana's HTML source code when integrated with Zabbix. Attackers can discover credentials by v...

Mar 21, 2022
CVE-2021-29954
9.8

This vulnerability in Hubs Cloud's Reticulum software allowed attackers to use the proxy functionality to access internal URLs, including sensitive me...

Jun 24, 2021
CVE-2024-36497
9.1

CVE-2024-36497 is a critical vulnerability in WINSelect software where decrypted configuration files contain passwords in cleartext. This allows attac...

Jun 24, 2024
CVE-2021-37157
8.8

CVE-2021-37157 exposes the root password in cleartext within the OpenGamePanel OGP-Agent-Linux configuration file. This allows attackers with file rea...

Nov 10, 2021
CVE-2025-51055
8.6

Vedo Suite version 2024.17 stores sensitive credentials, secret keys, and database information in plain text within the /api_vedo/configuration/config...

Aug 6, 2025
CVE-2025-22896
EPSS 45.9% 8.6

mySCADA myPRO Manager stores credentials in cleartext, allowing attackers to read sensitive authentication data. This affects all systems running vuln...

Feb 13, 2025
CVE-2023-3489
8.6

This vulnerability exposes FTP/SFTP/SCP server passwords in clear text within SupportSave files when downgrading from Brocade Fabric OS v9.2.0 to earl...

Aug 31, 2023
CVE-2021-40527
8.6

This vulnerability allows remote attackers to access sensitive developer files stored in an AWS S3 bucket by extracting plain-text credentials from th...

Oct 25, 2021
CVE-2024-28327
8.4

The Asus RT-N12+ B1 router stores user passwords in plaintext, allowing local attackers with physical or network access to read credentials and gain u...

Apr 26, 2024
CVE-2025-32353
8.2

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 stores privileged credentials unencrypted in the collector.txt configuration file. This allows atta...

Jul 16, 2025
CVE-2024-53865
8.2

The zhmcclient Python library logs sensitive password properties in clear text when certain API functions are called. This exposes credentials like FT...

Nov 29, 2024
CVE-2024-41716
8.1

This vulnerability allows attackers who obtain project files from WindLDR and WindO/I-NV4 software to extract cleartext credentials for PLCs and Opera...

Sep 4, 2024
CVE-2021-22509
8.1

CVE-2021-22509 is a sensitive data exposure vulnerability in NetIQ Advanced Authentication where stored authentication information can be accessed by ...

Aug 28, 2024
CVE-2023-50957
8.0

This vulnerability in IBM Storage Defender - Resiliency Service 2.0 allows privileged users to access encrypted data from clear text key storage and p...

Feb 10, 2024
CVE-2025-34427
7.8

MailEnable versions before 10.54 store user and administrative passwords in plaintext within the AUTH.TAB file with overly permissive filesystem permi...

Dec 10, 2025
CVE-2025-34428
7.8

MailEnable versions before 10.54 store user and administrative passwords in plaintext within the AUTH.SAV file with overly permissive filesystem permi...

Dec 10, 2025
CVE-2025-34200
7.8

Vasion Print (formerly PrinterLogic) Virtual Appliance stores network account credentials in clear-text in the world-readable /etc/issue file. An atta...

Sep 19, 2025
CVE-2023-49113
7.8

Kiuwan Local Analyzer contains hard-coded credentials and encryption keys in plain text within JAR files. This allows attackers to potentially decrypt...

Jun 20, 2024
CVE-2023-2809
7.8

This vulnerability allows remote attackers to extract plaintext SQL database credentials from Sage 200 Spain's DLL application. Exploitation could lea...

Oct 4, 2023
CVE-2022-28214
7.8

SAP BusinessObjects Enterprise Central Management Server (CMS) versions 420 and 430 expose authentication credentials in Sysmon event logs during upda...

May 11, 2022
CVE-2021-3551
7.8

CVE-2021-3551 is a credential exposure vulnerability in Dogtag PKI-server where the spkispawn command, when run in debug mode, stores admin credential...

Feb 16, 2022
CVE-2020-35455
7.8

The Taidii Diibear Android application versions 2.4.0 and derivatives store user credentials insecurely in Shared Preferences and SQLite databases, al...

Mar 17, 2021
CVE-2024-52284
7.7

This vulnerability allows users with GET or LIST permissions on BundleDeployment resources to retrieve Helm values containing sensitive credentials an...

Sep 2, 2025
CVE-2024-25661
7.7

CVE-2024-25661 allows guest OS administrators on systems running Infinera TNMS Client 19.10.3 to extract user passwords from memory dumps due to clear...

Oct 1, 2024
CVE-2025-27460
7.6

This vulnerability allows attackers with physical access to bypass Windows login security by booting from an alternative operating system, enabling fu...

Jul 3, 2025
CVE-2025-12774
7.5

A vulnerability in Brocade SANnav migration scripts before version 3.0 allows sensitive database information to be captured in support save files. Att...

Feb 3, 2026
CVE-2025-65320
7.5

Abacre Restaurant Point of Sale (POS) software versions up to 15.0.0.1656 store device-bound license keys in cleartext in process memory during activa...

Dec 3, 2025
CVE-2025-25613
7.5

The FS Inc S3150-8T2F switch transmits administrative credentials in cleartext via base64-encoded cookies during every POST request to the web interfa...

Nov 20, 2025
CVE-2025-63208
7.5

This vulnerability in bridgetech VB288 Objective QoE Content Extractor firmware version 5.6.0-8 allows unauthenticated attackers to retrieve administr...

Nov 19, 2025
CVE-2025-44649
7.5

This vulnerability affects TRENDnet TEW-WLC100P wireless LAN controllers configured with racoon IKE daemon using aggressive mode in Phase 1. It allows...

Jul 21, 2025
CVE-2025-44614
7.5

The Tinxy WiFi Lock Controller v1 RF stores sensitive user information including credentials and phone numbers in plaintext, allowing attackers with a...

May 30, 2025
CVE-2025-25758
7.5

This vulnerability in KukuFM Android app allows attackers to extract sensitive cleartext data from the app's backup files. It affects all users of Kuk...

Mar 20, 2025
CVE-2025-27685
7.5

This vulnerability in Vasion Print (formerly PrinterLogic) exposes CA certificates and private keys in configuration files, allowing attackers to decr...

Mar 5, 2025
CVE-2025-26495
7.5

This vulnerability allows Personal Access Tokens (PATs) to be stored in cleartext within Tableau Server logging repositories. Attackers with access to...

Feb 11, 2025
CVE-2024-51175
7.5

This vulnerability in H3C S1526 switches allows remote attackers to access sensitive configuration files via the S1526.cfg component. Attackers can po...

Dec 17, 2024
CVE-2024-40582
7.5

Pentaminds CuroVMS v2.0.1 contains exposed sensitive information due to improper protection of confidential data. This vulnerability allows attackers ...

Dec 9, 2024
CVE-2024-7783
7.5

This vulnerability in anything-llm's single user mode exposes user passwords in plaintext within JWT bearer tokens. Attackers who obtain these tokens ...

Oct 29, 2024
CVE-2024-45862
7.5

Kastle Systems firmware versions before May 1, 2024 store machine credentials in cleartext, allowing attackers to read sensitive authentication data. ...

Sep 19, 2024
CVE-2024-6921
7.5

NACPremium software stores sensitive information in cleartext, allowing attackers to retrieve embedded sensitive data. This affects NACPremium version...

Sep 2, 2024
CVE-2024-4540
7.5

This vulnerability in Keycloak's OAuth 2.0 Pushed Authorization Requests (PAR) feature exposes client-provided parameters in plain text within the KC_...

Jun 3, 2024
CVE-2024-3742
7.5

Electrolink transmitters store credentials in plain text without encryption, allowing attackers who gain access to the system to read authentication c...

Apr 18, 2024
CVE-2024-22084
7.5

CVE-2024-22084 exposes cleartext passwords and password hashes in log files of Elspec G5 digital fault recorders. This allows attackers to read sensit...

Mar 20, 2024
CVE-2023-6874
7.5

CVE-2023-6874 is a denial of service vulnerability in Silicon Labs Ember ZNet wireless networking stack versions before 7.4.0. Attackers can manipulat...

Feb 5, 2024
CVE-2023-27098
7.5

TP-Link Tapo mobile applications up to version 2.12.703 contain hardcoded credentials that allow unauthorized access to the login panel. This affects ...

Jan 9, 2024
CVE-2023-6250
7.5

The BestWebSoft Like & Share WordPress plugin before version 2.74 exposes password-protected post content to unauthenticated users through meta tags. ...

Dec 26, 2023
CVE-2015-8314
7.5

This vulnerability in the Devise authentication gem for Ruby allows attackers to forge 'Remember Me' cookies, potentially gaining unauthorized persist...

Dec 12, 2023

About CWE-312 (CWE-312)

Our database tracks 140 CVEs classified as CWE-312, with 7 rated critical and 73 rated high severity. The average CVSS score for CWE-312 vulnerabilities is 6.8.

External reference: View CWE-312 on MITRE CWE →

Monitor CWE-312 Vulnerabilities

Get alerted when new CWE-312 CVEs affect your infrastructure.

Start Monitoring Free