CWE-312: CWE-312

Total CVEs: 144
Critical: 7
High: 77
Avg CVSS: 6.8

Yearly Trend

2026: 12
2025: 53
2024: 37
2023: 16
2022: 5

Top Affected Vendors

1. Broadcom (5)
2. Jenkins (5)
3. IBM (4)
4. TP-Link (3)
5. Microsoft (3)
6. Dell (3)
7. Red Hat (3)
8. Couchbase (2)
9. Samsung (2)
10. MailEnable (2)

All CWE-312 CVEs (144)

CVE-2025-53103
5.8

JUnit versions 5.12.0 to 5.13.1 can leak Git credentials through Open Test Reporting XML files. If these test reports are published or stored publicly...

Jul 1, 2025
CVE-2025-47147
5.7

This vulnerability allows attackers with physical access to a logged-in operator's mobile device to extract session tokens stored in cleartext. Attack...

Mar 3, 2026
CVE-2025-32752
5.7

Dell ThinOS 2502 and earlier versions store sensitive information in cleartext, allowing high-privileged attackers with physical access to read this d...

May 29, 2025
CVE-2024-55582
5.7

CVE-2024-55582 is a vulnerability in Oxide versions before 6 where Control Plane datastores are stored unencrypted. This allows attackers with access ...

Dec 9, 2024
CVE-2023-27370
5.7

This vulnerability allows network-adjacent attackers to bypass authentication and access plaintext configuration secrets stored on NETGEAR RAX30 route...

May 3, 2024
CVE-2026-22276
5.5

Dell ECS and ObjectScale store sensitive information in cleartext, allowing local low-privileged attackers to read confidential data. This affects Del...

Jan 23, 2026
CVE-2025-21060
5.5

Samsung Smart Switch versions before 3.7.67.2 store sensitive application backup data in cleartext, allowing local attackers with physical or remote a...

Oct 10, 2025
CVE-2025-54422
5.5

This vulnerability in Sandboxie exposes user passwords during encrypted sandbox creation and modification. Passwords are transmitted via shared memory...

Jul 29, 2025
CVE-2025-54538
5.5

This vulnerability in JetBrains TeamCity allows passwords to be exposed via command line arguments when using the 'hg pull' command. Attackers with ac...

Jul 28, 2025
CVE-2025-41458
5.5

This vulnerability allows local attackers to extract sensitive data from the Two App Studio Journey iOS app by accessing unencrypted database files in...

Jul 21, 2025
CVE-2025-41647
5.5

A local attacker with low privileges can view the connected controller's password in plain text in PLC Designer V4 under specific conditions. This aff...

Jun 25, 2025
CVE-2024-56428
5.5

CVE-2024-56428 allows local attackers to read cleartext credentials from the iLabClient database. This affects users of iTech iLabClient 3.7.1 who hav...

May 21, 2025
CVE-2024-10404
5.5

Brocade SANnav versions before 2.3.1b log sensitive information like passwords and SNMP secrets in clear text. This allows authenticated local attacke...

Feb 14, 2025
CVE-2024-41629
5.5

Texas Instruments Fusion Digital Power Designer v7.10.1 stores credentials in plaintext, allowing local attackers to read sensitive authentication inf...

Sep 12, 2024
CVE-2024-4840
5.5

This vulnerability in OpenStack Platform (RHOSP) director exposes plaintext passwords in log files, potentially allowing unauthorized access to sensit...

May 14, 2024
CVE-2025-59792
5.3

The CVE-2025-59792 vulnerability in Apache Kvrocks allows attackers to obtain plaintext credentials through the MONITOR command. This affects all Apac...

Nov 28, 2025
CVE-2024-43429
5.3

This vulnerability in Moodle allows unauthorized users to view hidden user profile fields through gradebook reports. Users without the 'view hidden us...

Nov 11, 2024
CVE-2024-9802
5.3

CVE-2024-9802 exposes sensitive information through a publicly accessible conformance validation endpoint in Zowe API Layer. This allows unauthenticat...

Oct 10, 2024
CVE-2024-40750
5.3

Linksys Velop Pro 6E and 7 routers transmit Wi-Fi passwords in unencrypted plaintext over the internet during initial setup via the mobile app. This e...

Jul 9, 2024
CVE-2025-11009
5.1

A vulnerability in Mitsubishi Electric GT Designer3 allows local unauthenticated attackers to extract plaintext credentials from project files. This e...

Dec 17, 2025
CVE-2024-47056
5.1

This vulnerability allows unauthenticated attackers to directly access Mautic's .env configuration files via web browser, exposing sensitive informati...

May 28, 2025
CVE-2024-50570
5.0

This vulnerability allows local authenticated users on Windows or Linux systems running affected FortiClient versions to retrieve VPN passwords via me...

Dec 18, 2024
CVE-2026-3221
4.9

Devolutions Server versions 2025.3.14 and earlier store sensitive user account information unencrypted in the database. This allows attackers with dat...

Feb 25, 2026
CVE-2025-12772
4.9

Brocade SANnav versions before 2.4.0b log the Fabric OS Switch admin password in clear text within support save logs and heap dump files during out-of...

Feb 2, 2026
CVE-2025-34270
4.9

Nagios Log Server versions before 2024R2.0.2 expose plaintext AD/LDAP passwords during user import operations. This allows administrators or users wit...

Oct 30, 2025
CVE-2024-7259
4.9

This vulnerability in oVirt allows administrators, including those with ReadOnlyAdmin permissions, to view Provider passwords in cleartext using brows...

Sep 26, 2024
CVE-2024-10523
4.6

This vulnerability allows attackers with physical access to extract Wi-Fi credentials stored in plain text within TP-Link IoT Smart Hub firmware. Affe...

Nov 4, 2024
CVE-2024-41691
4.6

This vulnerability allows attackers with physical access to extract plaintext FTP credentials from SyroTech SY-GPON-1110-WDONT router firmware. Affect...

Jul 26, 2024
CVE-2025-7738
4.4

CVE-2025-7738 exposes GitHub Enterprise client secrets in clear text through Ansible Automation Platform's Gateway API. This affects administrators an...

Jul 31, 2025
CVE-2024-35117
4.4

IBM OpenPages with Watson 9.0 may write sensitive information in clear text to system tracing log files under specific configurations. This could allo...

Dec 11, 2024
CVE-2025-67637
4.3

Jenkins versions 2.540 and earlier (including LTS 2.528.2 and earlier) store build authorization tokens unencrypted in job configuration files. This a...

Dec 10, 2025
CVE-2025-67638
4.3

Jenkins versions 2.540 and earlier (including LTS 2.528.2 and earlier) expose build authorization tokens in plain text on job configuration forms. Thi...

Dec 10, 2025
CVE-2025-27622
4.3

This vulnerability in Jenkins allows attackers with Agent/Extended Read permission to view encrypted secrets stored in agent configuration files via R...

Mar 5, 2025
CVE-2025-54855
4.2

Click Programming Software v3.60 stores credentials in cleartext, allowing local users with file system access to steal them during active administrat...

Sep 23, 2025
CVE-2025-59701
4.1

This vulnerability allows physically proximate attackers with elevated privileges to read and modify the unencrypted SSD contents of affected Entrust ...

Dec 2, 2025
CVE-2024-28024
4.1

This vulnerability in FOXMAN-UN/UNEM systems involves sensitive information being stored in cleartext within accessible resources. Attackers with acce...

Jun 11, 2024
CVE-2025-49728
4.0

Microsoft PC Manager stores sensitive information in cleartext, allowing local attackers to bypass security features. This affects users running vulne...

Sep 16, 2025
CVE-2025-33081
3.3

IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in log files that local users can read. This information disclosure vulnerability...

Feb 3, 2026
CVE-2025-54342
3.3

This vulnerability in Desktop Alert PingAlert's Application Server exposes sensitive information due to incompatible security policies. It affects org...

Nov 14, 2025
CVE-2025-14836
2.7

This vulnerability in ZZCMS 2025 allows attackers to store user data in cleartext on disk through the /reg/user_save.php file. Remote exploitation is ...

Dec 17, 2025
CVE-2024-9432
N/A

This vulnerability allows attackers to retrieve plaintext API keys from OpenText Vertica agents, potentially enabling unauthorized access to Vertica s...

Jan 30, 2026
CVE-2025-59105
N/A

This CVE describes a physical access vulnerability where attackers can desolder flash memory chips from Dormakaba K7 (Linux) and K5 (Windows CE) acces...

Jan 26, 2026
CVE-2025-59102
N/A

This vulnerability allows attackers to download the complete device database backup containing sensitive unencrypted PINs and encrypted MIFARE keys by...

Jan 26, 2026
CVE-2024-58277
N/A

This vulnerability in R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to retrieve the admin password via the system.cgi endpoint....

Dec 4, 2025

About CWE-312 (CWE-312)

Our database tracks 144 CVEs classified as CWE-312, with 7 rated critical and 77 rated high severity. The average CVSS score for CWE-312 vulnerabilities is 6.8.

External reference: View CWE-312 on MITRE CWE →
