CWE-312

Total CVEs: 140
Critical: 7
High: 73
Avg CVSS: 6.8

Yearly Trend

2026: 12
2025: 53
2024: 37
2023: 16
2022: 5

Top Affected Vendors

1. Broadcom: 5
2. Jenkins: 5
3. TP-Link: 3
4. Microsoft: 3
5. IBM: 3
6. Red Hat: 3
7. Couchbase: 2
8. Dell: 2
9. Samsung: 2
10. MailEnable: 2

All CWE-312 CVEs (140)

CVE-2023-44037
7.5

This vulnerability in ZPE Systems Nodegrid OS allows remote attackers to obtain sensitive information through the TACACS+ server component. Attackers ...

Oct 14, 2023
CVE-2023-39379
7.5

Fujitsu Software Infrastructure Manager (ISM) versions V2.8.0.060 store proxy server passwords in cleartext within maintenance data files (ismsnap). T...

Aug 4, 2023
CVE-2023-30146
7.5

This vulnerability in Assmann Digitus Plug&View IP Camera HT-IP211HDP allows unauthenticated attackers to download the camera's configuration file con...

Aug 4, 2023
CVE-2023-39144
7.5

Element55 KnowMore appliances version 21 and older store passwords in plaintext, allowing attackers with access to the system to read sensitive creden...

Aug 3, 2023
CVE-2023-30367
7.5

mRemoteNG versions up to 1.76.20 and 1.77.3-dev load encrypted configuration files into memory in plain text at startup, even when not actively connec...

Jul 26, 2023
CVE-2023-31821
7.5

This vulnerability in ALBIS v.13.6.1 allows remote attackers to access sensitive information through improper handling of channel access tokens in the...

Jul 13, 2023
CVE-2023-22584
7.5

The Danfoss AK-EM100 energy meter stores login credentials in cleartext, allowing attackers with physical or logical access to read sensitive authenti...

Jun 11, 2023
CVE-2023-29480
7.5

Ribose RNP versions before 0.16.3 fail to properly lock secret keys after use, potentially leaving them accessible in memory. This affects users of RN...

Apr 24, 2023
CVE-2023-31043
7.5

EnterpriseDB EDB Postgres Advanced Server (EPAS) versions before the fixed releases log unredacted passwords in CREATE/ALTER USER/GROUP/ROLE commands ...

Apr 23, 2023
CVE-2022-24660
7.5

The debug interface in Goldshell ASIC Miners firmware versions 2.2.1 and below is publicly accessible through the web interface, allowing unauthentica...

Jul 20, 2022
CVE-2021-42642
7.5

CVE-2021-42642 is an Insecure Direct Object Reference vulnerability in PrinterLogic Web Stack that allows unauthenticated attackers to retrieve plaint...

Feb 2, 2022
CVE-2021-43388
7.5

The Unisys Cargo Mobile Application before version 1.2.29 stores sensitive information in cleartext, making it visible in device backups. This vulnera...

Dec 14, 2021
CVE-2021-42370
7.5

This vulnerability in XoruX LPAR2RRD and STOR2RRD exposes cleartext passwords in HTML password input fields when viewing device properties. Attackers ...

Nov 8, 2021
CVE-2021-37842
7.5

CVE-2021-37842 is a cleartext storage vulnerability in Couchbase Server 7.0.0 where sensitive XDCR (Cross Data Center Replication) credentials can be ...

Nov 2, 2021
CVE-2020-19137
7.5

CVE-2020-19137 is an information disclosure vulnerability in Autumn CMS that allows unauthenticated attackers to retrieve all user credentials in clea...

Sep 8, 2021
CVE-2021-30997
7.5

This vulnerability in Apple's S/MIME email encryption handling allows attackers to potentially recover plaintext contents from encrypted emails. It af...

Aug 24, 2021
CVE-2021-37548
7.5

JetBrains TeamCity versions before 2021.1 could store passwords in cleartext within version control systems (VCS). This vulnerability allows attackers...

Aug 6, 2021
CVE-2021-33323
7.5

This vulnerability in Liferay Portal's Dynamic Data Mapping module allows unauthenticated remote attackers to view form values that were autosaved by ...

Aug 3, 2021
CVE-2020-22741
7.5

This vulnerability in Xuperchain 3.6.0 allows attackers to recover any user's private key after obtaining a partial signature in multisignature transa...

Jul 19, 2021
CVE-2020-12731
7.5

The MagicMotion Flamingo 2 Android application stores sensitive data on the device's external storage (sdcard) without proper access controls, allowin...

Jul 15, 2021
CVE-2021-31816
7.5

CVE-2021-31816 is a cleartext storage vulnerability in Octopus Server where database passwords are written to log files in plaintext during initial co...

Jul 8, 2021
CVE-2020-29324
7.5

CVE-2020-29324 is a credentials disclosure vulnerability in D-Link DIR-895L MFC routers where hardcoded telnet credentials can be extracted through fi...

Jun 4, 2021
CVE-2021-25644
7.5

CVE-2021-25644 is an information disclosure vulnerability in Couchbase Server where incorrect REST API commands cause authentication credentials to be...

May 19, 2021
CVE-2019-18630
7.5

This vulnerability affects Xerox multifunction printers where portions of the drive containing executable code were not encrypted, potentially allowin...

Mar 4, 2021
CVE-2023-5384
7.2

This vulnerability in Infinispan exposes credentials in clear text when cache configurations containing sensitive data (like JDBC or remote store cred...

Dec 18, 2023
CVE-2025-21061
7.1

Smart Switch versions before 3.7.67.2 store sensitive information in cleartext, allowing local attackers with physical or remote access to read this d...

Oct 10, 2025
CVE-2025-3395
7.1

This vulnerability in ABB Automation Builder allows attackers to access sensitive information stored in cleartext and potentially modify critical reso...

Apr 30, 2025
CVE-2024-23942
7.1

CVE-2024-23942 allows local attackers to access unencrypted sensitive data in configuration files on client workstations. This vulnerability enables d...

Mar 18, 2025
CVE-2024-56362
7.1

Navidrome versions before 0.54.1 store JWT secrets in plaintext in the database file, allowing anyone with database access to steal authentication tok...

Dec 23, 2024
CVE-2023-27706
7.1

The Bitwarden Windows desktop application versions before 2023.4.0 store biometric authentication keys in Windows Credential Manager without proper is...

Jun 9, 2023
CVE-2025-4394
6.8

Medtronic MyCareLink Patient Monitor models 24950 and 24952 use an unencrypted filesystem on internal storage, allowing attackers with physical access...

Jul 24, 2025
CVE-2024-34891
6.8

This vulnerability allows remote administrators to read Exchange account passwords stored in DAV server settings via HTTP GET requests. It affects Bit...

Nov 4, 2024
CVE-2026-23655
6.5

This vulnerability in Azure Compute Gallery allows cleartext storage of sensitive information, enabling authorized attackers to access and disclose th...

Feb 10, 2026
CVE-2025-10464
6.5

This vulnerability allows attackers to retrieve embedded sensitive data from Birtech Senseway software due to insecure storage practices. All users of...

Feb 9, 2026
CVE-2025-12679
6.5

This vulnerability exposes the Password-Based Encryption (PBE) key in plaintext within system audit logs during migration operations in Brocade SANnav...

Feb 2, 2026
CVE-2025-53670
6.5

The Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores sensitive API keys and encryption keys unencrypted in job configuration files. This allow...

Jul 9, 2025
CVE-2025-53672
6.5

The Jenkins Kryptowire Plugin stores API keys unencrypted in configuration files, allowing attackers with file system access to steal sensitive creden...

Jul 9, 2025
CVE-2024-55928
6.5

Xerox Workplace Suite stores sensitive secrets like passwords and API keys in unencrypted plain text, making them accessible to attackers who can read...

Jan 23, 2025
CVE-2024-42451
6.5

This vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to retrieve all stored credentials in plaintext through ext...

Dec 4, 2024
CVE-2024-31415
6.3

CVE-2024-31415 is a vulnerability in Eaton Foreseer software where encryption keys for server configurations are insecurely stored. This allows attack...

Sep 13, 2024
CVE-2025-55334
6.2

This vulnerability involves cleartext storage of sensitive information in the Windows Kernel, allowing local attackers to bypass security features. It...

Oct 14, 2025
CVE-2025-40752
6.2

This vulnerability allows authenticated local attackers to extract plain-text SMTP passwords from Siemens SICAM Q100/Q200 power meters. Attackers coul...

Aug 12, 2025
CVE-2025-40753
6.2

This vulnerability exposes SMTP account passwords in plain text within configuration files on Siemens SICAM Q100 and Q200 power meters. An authenticat...

Aug 12, 2025
CVE-2025-4737
6.2

This vulnerability in the Transsion AIVoiceAssistant mobile app allows attackers to access sensitive information due to insufficient encryption. It af...

May 15, 2025
CVE-2024-13843
6.0

This vulnerability allows local authenticated administrators on Ivanti Connect Secure and Policy Secure systems to read sensitive data stored in clear...

Feb 11, 2025
CVE-2024-29146
5.9

This vulnerability in Sharp and Toshiba multifunction printers exposes decrypted user passwords in memory before login, allowing attackers to retrieve...

Nov 26, 2024
CVE-2025-53103
5.8

JUnit versions 5.12.0 to 5.13.1 can leak Git credentials through Open Test Reporting XML files. If these test reports are published or stored publicly...

Jul 1, 2025
CVE-2025-47147
5.7

This vulnerability allows attackers with physical access to a logged-in operator's mobile device to extract session tokens stored in cleartext. Attack...

Mar 3, 2026
CVE-2025-32752
5.7

Dell ThinOS 2502 and earlier versions store sensitive information in cleartext, allowing high-privileged attackers with physical access to read this d...

May 29, 2025
CVE-2024-55582
5.7

CVE-2024-55582 is a vulnerability in Oxide versions before 6 where Control Plane datastores are stored unencrypted. This allows attackers with access ...

Dec 9, 2024

About CWE-312

Our database tracks 140 CVEs classified as CWE-312, with 7 rated critical and 73 rated high severity. The average CVSS score for CWE-312 vulnerabilities is 6.8.
