CVEs classified under CWE-316, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2025-52579 — CVSS 9.4 (critical): Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a…
CVE-2014-2366 — CVSS 9.0 (critical): upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
CVE-2024-36792 — CVSS 8.2 (high): An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's…
CVE-2025-50109 — CVSS 7.7 (high): Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2025-9970 — CVSS 7.4 (high): Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
CVE-2023-40724 — CVSS 7.3 (high): A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An…
CVE-2024-25649 — CVSS 6.7 (medium): In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the…
CVE-2025-60794 — CVSS 6.5 (medium): Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in…
CVE-2024-33901 — CVSS 6.5 (medium): Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database…
CVE-2024-33900 — CVSS 6.5 (medium): KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the…
CVE-2025-60791 — CVSS 6.2 (medium): Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid…
CVE-2026-0857 — CVSS 6.0 (medium): Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server…
CVE-2026-8636 — CVSS 5.5 (medium): IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and…
CVE-2025-42888 — CVSS 5.5 (medium): SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process…
CVE-2025-65832 — CVSS 4.6 (medium): The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has…
CVE-2025-4618: A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to…
CVE-2025-61713 — CVSS 4.2 (medium): A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions…
CVE-2025-48930 — CVSS 2.8 (low): The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to…
CVE-2024-9203 — CVSS 2.5 (low): A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects…
CVE-2023-23349 — CVSS 2.2 (low): Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled…