CVEs classified under CWE-257, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2025-8095: The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak…
CVE-2025-8904 — CVSS 8.5 (high): Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with…
CVE-2025-34180: NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server…
CVE-2025-6996 — CVSS 8.4 (high): Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local…
CVE-2025-6995 — CVSS 8.4 (high): Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local…
CVE-2016-15058 — CVSS 8.1 (high): Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a…
CVE-2017-9942 — CVSS 7.8 (high): A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to…
CVE-2024-8774: The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges…
CVE-2025-0280 — CVSS 7.5 (high): A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.
CVE-2024-1480 — CVSS 7.5 (high): Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
CVE-2021-27485 — CVSS 7.5 (high): ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could…
CVE-2025-14295: Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords…
CVE-2025-57796 — CVSS 6.8 (medium): Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data…
CVE-2024-32932 — CVSS 6.8 (medium): Under certain circumstances the web interface users credentials may be recovered by an authenticated user.
CVE-2023-38738 — CVSS 6.8 (medium): IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication…
CVE-2026-22614 — CVSS 6.1 (medium): The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access…
CVE-2024-51552 — CVSS 6.0 (medium): Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise…
CVE-2025-8307: Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of…
CVE-2024-32151 — CVSS 5.9 (medium): User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump…
CVE-2022-46142 — CVSS 5.7 (medium): Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the…
CVE-2026-30785 — CVSS 5.5 (medium): Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient…
CVE-2025-57789 — CVSS 5.4 (medium): During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain…
CVE-2026-1836: The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to…
CVE-2025-35054 — CVSS 5.3 (medium): Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The…
CVE-2023-31001 — CVSS 5.1 (medium): IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker…
CVE-2024-32042 — CVSS 4.9 (medium): The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords…
CVE-2025-24852 — CVSS 4.6 (medium): Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an…
CVE-2025-40774 — CVSS 4.4 (medium): A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted…
CVE-2025-27459 — CVSS 4.4 (medium): The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original…
CVE-2025-25983 — CVSS 3.4 (low): An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker…
CVE-2024-6694 — CVSS 2.7 (low): The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to…
CVE-2024-3073 — CVSS 2.7 (low): The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all…
CVE-2024-32122 — CVSS 2.3 (low): A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions…