CWE-312 · Cleartext Storage of Sensitive Information

808 CVEs classified under CWE-312 (Cleartext Storage of Sensitive Information). Browse by severity and year.

Top CVEs for CWE-312
CVESeverityScorePublishedSummary
CVE-2022-43757Critical9.92023-02-07A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends o…
CVE-2021-36782Critical9.92022-09-07A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Member…
CVE-2020-9045Critical9.92020-05-21During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used…
CVE-2026-43992Critical9.82026-05-12JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract…
CVE-2026-31848Critical9.82026-03-23Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data comb…
CVE-2025-65826Critical9.82025-12-10The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical locat…
CVE-2025-34216Critical9.82025-09-29Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose…
CVE-2025-34206Critical9.82025-09-19Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/w…
CVE-2025-30124Critical9.82025-07-28An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the S…
CVE-2024-46340Critical9.82024-12-10TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing…
CVE-2023-31069Critical9.82023-09-11An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
CVE-2023-33373Critical9.82023-08-04Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonat…
CVE-2020-15332Critical9.82022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2022-26148Critical9.82022-03-21An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When t…
CVE-2021-29954Critical9.82021-06-24Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs…
CVE-2019-18868Critical9.82020-05-07Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lan…
CVE-2020-5723Critical9.82020-03-30The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and poss…
CVE-2019-19228Critical9.82019-12-04Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /…
CVE-2019-13096Critical9.82019-07-22TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid…
CVE-2019-9873Critical9.82019-07-03In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server cred…