Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-312

CWE-312

Cleartext Storage of Sensitive Information

Parent: CWE-311 - Missing Encryption of Sensitive Data

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

804 vulnerabilities with CWE-312

CVE-2026-46622 HIGH

SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach

CVE-2026-10786 MEDIUM

Devolutions Server - Cleartext Storage of Sensitive Information

CVE-2026-36176 HIGH

GNCC GP5 7.1.76 - Unauthorized Operations via Plaintext Backblaze B2 Upload URL Exposure

CVE-2026-4387 LOW

Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

CVE-2026-45040 MEDIUM

RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]

CVE-2026-9274 MEDIUM

Information Exposure Vulnerability in CP-Plus Wi-Fi Camera

CVE-2026-8596 HIGH

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

CVE-2026-6332 HIGH

Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CVE-2026-42408 MEDIUM

F5 BIG-IP DNS tmsh - Sensitive Information Disclosure

CVE-2026-28758 MEDIUM

BIG-IP - Cleartext Storage of Sensitive Information in iControl REST Response and Audit Log

CVE-2026-43992 CRITICAL

JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter

CVE-2026-45362 LOW

Sangoma Switchvox < 8.4 - Cleartext Storage of Sensitive Information in Backup File

CVE-2026-41520 HIGH

Cillium exposes sensitive information included in the cilium-bugtool debug archive

CVE-2026-43942 MEDIUM

electerm: Full process.env exposed to renderer via window.pre.env in electerm

CVE-2026-8026 LOW

FlowiseAI Flowise API Response account.service.ts login information disclosure

CVE-2026-42151 HIGH

Prometheus Azure AD remote write OAuth client secret exposed via config API

CVE-2026-7163 MEDIUM

Red Hat Multicluster Engine Assisted Installer - Administrative Credential Disclosure

CVE-2026-41385 MEDIUM

OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config.get Redaction Bypass

CVE-2026-6796 MEDIUM

Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

CVE-2026-6553 HIGH

TYPO3 CMS Stores Cleartext Password in User Settings Module

CVE-2026-6598 MEDIUM

langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file

CVE-2026-35644 MEDIUM

OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

CVE-2026-39943 MEDIUM

Directus exposes sensitive fields in revision history

CVE-2026-5531 MEDIUM

SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file

CVE-2026-34833 HIGH

Bulwark Webmail: Information Exposure: password returned in /api/auth/session

Page 1 of 33 Next

Details

Vulnerabilities 804

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy