CWE-256 · Plaintext Storage of a Password

208 CVEs classified under CWE-256 (Plaintext Storage of a Password). Browse by severity and year.

Top CVEs for CWE-256
CVESeverityScorePublishedSummary
CVE-2020-6961Critical10.02020-01-24In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE…
CVE-2024-55026Critical9.82026-03-03An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supp…
CVE-2026-21660Critical9.82026-02-27Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22…
CVE-2025-6561Critical9.82025-06-26Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remo…
CVE-2025-6560Critical9.82025-06-24Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly acce…
CVE-2025-5893Critical9.82025-06-09Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to ac…
CVE-2025-27662Critical9.82025-03-05Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.
CVE-2025-27656Critical9.82025-03-05Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.
CVE-2024-5960Critical9.82024-09-18Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel: before v2.3.24.
CVE-2024-33375Critical9.82024-06-14LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
CVE-2024-36081Critical9.82024-05-19Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a ser…
CVE-2024-23486Critical9.82024-04-15Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the pr…
CVE-2017-16714Critical9.82018-09-06In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
CVE-2018-8851Critical9.82018-07-24Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store…
CVE-2018-7510Critical9.82018-06-06In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plain…
CVE-2017-7913Critical9.82017-05-29A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1…
CVE-2025-15113Critical9.32025-12-30Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload M…
CVE-2024-6118Critical9.12024-08-05A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the othe…
CVE-2022-36308Critical9.12022-08-16Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials…
CVE-2023-41610High8.82024-09-18Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.