CVEs classified under CWE-261, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2025-31229 — CVSS 9.1 (critical): A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.
CVE-2024-24279 — CVSS 8.8 (high): An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated…
CVE-2024-7407: Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their…
CVE-2024-28270 — CVSS 8.1 (high): An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to…
CVE-2025-2862 — CVSS 7.5 (high): SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or…
CVE-2024-0556 — CVSS 7.1 (high): A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user…
CVE-2026-22543: The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a…
CVE-2024-5434: The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that…
CVE-2025-11155: The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a…
CVE-2025-26401 — CVSS 6.5 (medium): Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication…
CVE-2026-0809: Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be…
CVE-2025-67652 — CVSS 6.1 (medium): An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain…
CVE-2026-40639 — CVSS 5.7 (medium): Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could…
CVE-2026-25607: Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords…
CVE-2023-0356 — CVSS 5.7 (medium): SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in…
CVE-2024-52334 — CVSS 5.3 (medium): A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the…
CVE-2025-25298 — CVSS 5.3 (medium): Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using…