Skip to main content

CWE-313

Cleartext Storage in a File or on Disk

20 CVEs Avg CVSS 6.0 MITRE
0
CRITICAL
4
HIGH
15
MEDIUM
1
LOW
3
POC
0
KEV

Monthly

CVE-2026-8804 MEDIUM This Month

Cleartext storage of sensitive parameters in Puppet's resource_api module (versions 1.5.0-1.9.1 and 2.0.0) causes passwords and other credential values to persist unmasked in the Puppet agent's local transaction state cache. The sensitive flag - intended to prevent exactly this exposure - is silently dropped during resource_api parameter processing, meaning any resource type built on this API and declaring sensitive parameters leaks those values to the cache filesystem. No public exploit exists and this is not listed in CISA KEV, but the confidentiality impact is high for environments where Puppet manages secrets such as database passwords or API tokens.

Information Disclosure Puppet Core Puppet Enterprise
NVD VulDB
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-52783 HIGH PATCH This Week

Cleartext credential disclosure in OpenProject's Storages module (versions prior to 17.3.3 and 17.4.1) writes the userless OneDrive/SharePoint OAuth access_token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, refreshed by an hourly cron and every userless-OAuth call. Because none of the supported cache backends (file_store, memcache, redis) encrypts at rest, an attacker who can read the cache backend retrieves the Azure-AD application-tier bearer token via an anonymous memcached/Redis get. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Redis Microsoft Information Disclosure Openproject
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-24349 HIGH CISA Act Now

Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Simatic Wincc Unified Pc Runtime V16 Simatic Wincc Unified Pc Runtime V17 Simatic Wincc Unified Pc Runtime V18 Simatic Wincc Unified Pc Runtime V19 +2
NVD
CVSS 4.0
8.2
EPSS
0.0%
CVE-2025-4397 MEDIUM This Month

Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-6796 MEDIUM This Month

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure Java
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-6598 PyPI LOW POC PATCH Monitor

Langflow up to version 1.8.3 stores authentication settings in cleartext on disk when processing project creation requests, allowing authenticated remote attackers to read sensitive credentials. The vulnerability exists in the create_project/encrypt_auth_settings function within the Project Creation Endpoint, where the auth_settings parameter bypasses encryption despite the function's intent. Publicly available exploit code exists, and the vendor has not released a patch or responded to disclosure notices.

Information Disclosure Langflow
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5531 MEDIUM POC This Month

SourceCodester Student Result Management System 1.0 stores authentication credentials in cleartext within an HTTP-accessible file (/login_credentials.txt), allowing unauthenticated remote attackers to retrieve sensitive login information with low complexity. The vulnerability has publicly available exploit code and carries a CVSS 5.3 score reflecting confidentiality impact without integrity or availability compromise.

Information Disclosure Student Result Management System
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-64305 MEDIUM This Month

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. [CVSS 6.5 MEDIUM]

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-49762 PHP MEDIUM PATCH This Month

Pterodactyl is a free, open-source game server management panel. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-20448 HIGH This Week

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.6
EPSS
0.1%
EPSS 0% CVSS 6.7
MEDIUM This Month

Cleartext storage of sensitive parameters in Puppet's resource_api module (versions 1.5.0-1.9.1 and 2.0.0) causes passwords and other credential values to persist unmasked in the Puppet agent's local transaction state cache. The sensitive flag - intended to prevent exactly this exposure - is silently dropped during resource_api parameter processing, meaning any resource type built on this API and declaring sensitive parameters leaks those values to the cache filesystem. No public exploit exists and this is not listed in CISA KEV, but the confidentiality impact is high for environments where Puppet manages secrets such as database passwords or API tokens.

Information Disclosure Puppet Core Puppet Enterprise
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Cleartext credential disclosure in OpenProject's Storages module (versions prior to 17.3.3 and 17.4.1) writes the userless OneDrive/SharePoint OAuth access_token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, refreshed by an hourly cron and every userless-OAuth call. Because none of the supported cache backends (file_store, memcache, redis) encrypts at rest, an attacker who can read the cache backend retrieves the Azure-AD application-tier bearer token via an anonymous memcached/Redis get. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Redis Microsoft Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH Act Now

Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Simatic Wincc Unified Pc Runtime V16 Simatic Wincc Unified Pc Runtime V17 +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure Java
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Langflow up to version 1.8.3 stores authentication settings in cleartext on disk when processing project creation requests, allowing authenticated remote attackers to read sensitive credentials. The vulnerability exists in the create_project/encrypt_auth_settings function within the Project Creation Endpoint, where the auth_settings parameter bypasses encryption despite the function's intent. Publicly available exploit code exists, and the vendor has not released a patch or responded to disclosure notices.

Information Disclosure Langflow
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SourceCodester Student Result Management System 1.0 stores authentication credentials in cleartext within an HTTP-accessible file (/login_credentials.txt), allowing unauthenticated remote attackers to retrieve sensitive login information with low complexity. The vulnerability has publicly available exploit code and carries a CVSS 5.3 score reflecting confidentiality impact without integrity or availability compromise.

Information Disclosure Student Result Management System
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. [CVSS 6.5 MEDIUM]

Information Disclosure
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Pterodactyl is a free, open-source game server management panel. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy