Vulnerabilities (CVE)

Filtered by CWE-312
Total 667 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-44649 1 Trendnet 2 Tew-wlc100p, Tew-wlc100p Firmware 2025-08-01 N/A 7.5 HIGH
In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchange_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in negotiating security parameters.
CVE-2025-50777 2025-07-31 N/A 7.8 HIGH
The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.
CVE-2025-7738 2025-07-31 N/A 4.4 MEDIUM
A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.
CVE-2025-30124 2025-07-30 N/A 9.8 CRITICAL
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.
CVE-2024-7259 2 Ovirt, Redhat 2 Ovirt-engine, Virtualization 2025-07-30 N/A 4.4 MEDIUM
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
CVE-2025-54538 1 Jetbrains 1 Teamcity 2025-07-29 N/A 5.5 MEDIUM
In JetBrains TeamCity before 2025.07, password exposure was possible via the command line in the "hg pull" command.
CVE-2025-54537 1 Jetbrains 1 Teamcity 2025-07-29 N/A 5.5 MEDIUM
In JetBrains TeamCity before 2025.07, user credentials were stored in plain text in memory snapshots.
CVE-2025-54422 2025-07-29 N/A N/A
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2.
CVE-2025-4394 2025-07-25 N/A 6.8 MEDIUM
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025.
CVE-2024-50570 1 Fortinet 1 Forticlient 2025-07-24 N/A 5.0 MEDIUM
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve the VPN password via memory dump, due to JavaScript's garbage collector.
CVE-2021-39077 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2025-07-23 N/A 4.4 MEDIUM
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.
CVE-2023-20059 1 Cisco 1 Catalyst Center 2025-07-23 N/A 4.3 MEDIUM
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.
CVE-2021-1265 1 Cisco 1 Catalyst Center 2025-07-23 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.
CVE-2025-2120 1 Thinkware 2 F800 Pro, F800 Pro Firmware 2025-07-22 1.7 LOW 2.1 LOW
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-44614 1 Tinxy 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware 2025-07-22 N/A 7.5 HIGH
Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
CVE-2025-7397 2025-07-22 N/A N/A
A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user can access sensitive information, such as passwords, within the CLI history, leading to unauthorized access and potential data breaches.
CVE-2025-41458 2025-07-22 N/A 5.5 MEDIUM
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.
CVE-2025-53670 1 Jenkins 1 Nouvola Divecloud 2025-07-18 N/A 6.5 MEDIUM
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2025-53755 2025-07-16 N/A N/A
This vulnerability exists in the Digisol DG-GR6821AC Router due to storage of credentials and PINs without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineering the binary data to access the unencrypted data stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the network of the targeted device.
CVE-2025-53758 2025-07-16 N/A N/A
This vulnerability exists in the Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineering the binary data to access the hardcoded default credentials stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device.