CVEs classified under CWE-256, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2024-55026 — CVSS 9.8 (critical): An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute…
CVE-2025-6561 — CVSS 9.8 (critical): Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing…
CVE-2025-6560 — CVSS 9.8 (critical): Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote…
CVE-2025-5893 — CVSS 9.8 (critical): Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated…
CVE-2025-27656 — CVSS 9.8 (critical): Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List…
CVE-2024-5960 — CVSS 9.8 (critical): Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel…
CVE-2024-33375 — CVSS 9.8 (critical): LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
CVE-2024-36081 — CVSS 9.8 (critical): Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password…
CVE-2024-23486 — CVSS 9.8 (critical): Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker…
CVE-2025-15113 — CVSS 9.3 (critical): Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated…
CVE-2023-41610 — CVSS 8.8 (high): Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
CVE-2024-3622 — CVSS 8.8 (high): A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the…
CVE-2025-7357: LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials…
CVE-2025-3758: WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration…
CVE-2026-33216 — CVSS 8.6 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for…
CVE-2025-52164 — CVSS 8.2 (high): Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.
CVE-2021-47961 — CVSS 8.1 (high): A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence…
CVE-2024-40116 — CVSS 8.1 (high): An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html…
CVE-2024-43378 — CVSS 7.8 (high): calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS…
CVE-2022-43958 — CVSS 7.6 (high): A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are…
CVE-2018-25396 — CVSS 7.5 (high): Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve…
CVE-2025-15624 — CVSS 7.5 (high): Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the…
CVE-2026-35556 — CVSS 7.5 (high): OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access…
CVE-2025-9982 — CVSS 7.5 (high): A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in…
CVE-2024-41336 — CVSS 7.5 (high): Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior…
CVE-2023-6518 — CVSS 7.5 (high): Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This…
CVE-2023-39452 — CVSS 7.5 (high): The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can…
CVE-2023-35067 — CVSS 7.5 (high): Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an…
CVE-2022-31044 — CVSS 7.5 (high): Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin…
CVE-2019-10921 — CVSS 7.5 (high): A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the…
CVE-2025-2500 — CVSS 7.4 (high): A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain…
CVE-2024-27166 — CVSS 7.4 (high): Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected…
CVE-2024-10334 — CVSS 7.3 (high): A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who…
CVE-2024-3625 — CVSS 7.3 (high): A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves…
CVE-2024-3624 — CVSS 7.3 (high): A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a…
CVE-2024-43659 — CVSS 7.2 (high): After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the…
CVE-2024-11982 — CVSS 7.2 (high): Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator…
CVE-2025-36258 — CVSS 7.1 (high): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text…
CVE-2025-65009: In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be…
CVE-2024-28736 — CVSS 7.1 (high): An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.
CVE-2026-21417 — CVSS 7.0 (high): Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged…
CVE-2026-14867: Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker…
CVE-2025-46366 — CVSS 6.7 (medium): Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation…
CVE-2025-61680: Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords…