CWE-312 · Cleartext Storage of Sensitive Information
808 CVEs classified under CWE-312 (Cleartext Storage of Sensitive Information). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-43757 | Critical | 9.9 | 2023-02-07 | A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends o… |
CVE-2021-36782 | Critical | 9.9 | 2022-09-07 | A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Member… |
CVE-2020-9045 | Critical | 9.9 | 2020-05-21 | During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used… |
CVE-2026-43992 | Critical | 9.8 | 2026-05-12 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract… |
CVE-2026-31848 | Critical | 9.8 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data comb… |
CVE-2025-65826 | Critical | 9.8 | 2025-12-10 | The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical locat… |
CVE-2025-34216 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose… |
CVE-2025-34206 | Critical | 9.8 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/w… |
CVE-2025-30124 | Critical | 9.8 | 2025-07-28 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the S… |
CVE-2024-46340 | Critical | 9.8 | 2024-12-10 | TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing… |
CVE-2023-31069 | Critical | 9.8 | 2023-09-11 | An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. |
CVE-2023-33373 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonat… |
CVE-2020-15332 | Critical | 9.8 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. |
CVE-2022-26148 | Critical | 9.8 | 2022-03-21 | An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When t… |
CVE-2021-29954 | Critical | 9.8 | 2021-06-24 | Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs… |
CVE-2019-18868 | Critical | 9.8 | 2020-05-07 | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lan… |
CVE-2020-5723 | Critical | 9.8 | 2020-03-30 | The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and poss… |
CVE-2019-19228 | Critical | 9.8 | 2019-12-04 | Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /… |
CVE-2019-13096 | Critical | 9.8 | 2019-07-22 | TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid… |
CVE-2019-9873 | Critical | 9.8 | 2019-07-03 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server cred… |