CWE-316
Cleartext Storage of Sensitive Information in Memory
Description
The product stores sensitive information in cleartext in memory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52579 | Cri | 0.61 | 9.4 | 0.00 | Jul 11, 2025 | Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it. | ||
| CVE-2025-50109 | Hig | 0.50 | 7.7 | 0.00 | Jul 11, 2025 | Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. | ||
| CVE-2025-9970 | Hig | 0.48 | 7.4 | 0.00 | Oct 8, 2025 | Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21. | ||
| CVE-2025-60791 | Med | 0.40 | 6.2 | 0.00 | Oct 27, 2025 | Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the… | ||
| CVE-2026-0857 | Med | 0.39 | 6.0 | 0.00 | May 20, 2026 | Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||
| CVE-2025-42888 | Med | 0.36 | 5.5 | 0.00 | Nov 11, 2025 | SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability. | ||
| CVE-2025-4618 | Med | 0.29 | — | 0.00 | Nov 14, 2025 | A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue. | ||
| CVE-2024-9203 | Low | 0.16 | 2.5 | 0.00 | Sep 26, 2024 | A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached… | ||
| CVE-2023-23349 | Low | 0.14 | 2.2 | 0.00 | Mar 22, 2024 | Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into… | ||
| CVE-2025-60794 | — | 0.00 | — | 0.00 | Nov 20, 2025 | Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other… | ||
| CVE-2014-2366 | 0.00 | — | 0.01 | Jul 19, 2014 | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. |
- risk 0.61cvss 9.4epss 0.00
Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.
- risk 0.50cvss 7.7epss 0.00
Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
- risk 0.48cvss 7.4epss 0.00
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
- risk 0.40cvss 6.2epss 0.00
Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the…
- risk 0.39cvss 6.0epss 0.00
Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
- risk 0.36cvss 5.5epss 0.00
SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability.
- risk 0.29cvss —epss 0.00
A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue.
- risk 0.16cvss 2.5epss 0.00
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached…
- risk 0.14cvss 2.2epss 0.00
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into…
- CVE-2025-60794Nov 20, 2025risk 0.00cvss —epss 0.00
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other…
- CVE-2014-2366Jul 19, 2014risk 0.00cvss —epss 0.01
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.