CWE-312— Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.— MITRE CWE catalog
809 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-312page 17 of 17
- CVE-2026-6332HIGHCVSS 7.5EG 7.52026-05-14
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized atta…
- CVE-2026-6553HIGHCVSS 7.5EG 7.52026-04-21
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
- CVE-2026-6598MEDIUMCVSS 4.3EG 4.32026-04-20
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Cre…
- CVE-2026-6796MEDIUMCVSS 4.3EG 4.32026-04-21
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This ma…
- CVE-2026-7163MEDIUMCVSS 5.5EG 6.12026-04-30
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative …
- CVE-2026-8026LOWCVSS 3.7EG 3.72026-05-06
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in…
- CVE-2026-8596HIGHCVSS 7.2EG 7.22026-05-14
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API …
- CVE-2026-8804MEDIUMCVSS 6.7EG 6.72026-07-03
Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the a…
- CVE-2026-9274MEDIUMCVSS 5.2EG 5.22026-05-25
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memor…
Map vulnerabilities like CWE-312 to your infrastructure
EchelonGraph correlates every CVE — across CWE-312 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →