CWE-256 · Plaintext Storage of a Password
208 CVEs classified under CWE-256 (Plaintext Storage of a Password). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-6961 | Critical | 10.0 | 2020-01-24 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE… |
CVE-2024-55026 | Critical | 9.8 | 2026-03-03 | An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supp… |
CVE-2026-21660 | Critical | 9.8 | 2026-02-27 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22… |
CVE-2025-6561 | Critical | 9.8 | 2025-06-26 | Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remo… |
CVE-2025-6560 | Critical | 9.8 | 2025-06-24 | Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly acce… |
CVE-2025-5893 | Critical | 9.8 | 2025-06-09 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to ac… |
CVE-2025-27662 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005. |
CVE-2025-27656 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011. |
CVE-2024-5960 | Critical | 9.8 | 2024-09-18 | Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel: before v2.3.24. |
CVE-2024-33375 | Critical | 9.8 | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. |
CVE-2024-36081 | Critical | 9.8 | 2024-05-19 | Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a ser… |
CVE-2024-23486 | Critical | 9.8 | 2024-04-15 | Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the pr… |
CVE-2017-16714 | Critical | 9.8 | 2018-09-06 | In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. |
CVE-2018-8851 | Critical | 9.8 | 2018-07-24 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store… |
CVE-2018-7510 | Critical | 9.8 | 2018-06-06 | In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plain… |
CVE-2017-7913 | Critical | 9.8 | 2017-05-29 | A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1… |
CVE-2025-15113 | Critical | 9.3 | 2025-12-30 | Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload M… |
CVE-2024-6118 | Critical | 9.1 | 2024-08-05 | A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the othe… |
CVE-2022-36308 | Critical | 9.1 | 2022-08-16 | Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials… |
CVE-2023-41610 | High | 8.8 | 2024-09-18 | Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. |