Total
1619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20188 | 1 Cisco | 1 Ios Xe | 2025-06-23 | N/A | 10.0 CRITICAL |
|
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.
This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file u ...
Show More |
|||||
| CVE-2025-48748 | 1 Netwrix | 1 Directory Manager | 2025-06-23 | N/A | 10.0 CRITICAL |
|
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.
|
|||||
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
|
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
|
|||||
| CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
|
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
|
|||||
| CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-20 | N/A | 7.5 HIGH |
|
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.
|
|||||
| CVE-2023-49253 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
|
Root user password is hardcoded into the device and cannot be changed in the user interface.
|
|||||
| CVE-2025-32888 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 7.3 HIGH |
|
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.
|
|||||
| CVE-2025-32889 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 7.3 HIGH |
|
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app.
|
|||||
| CVE-2024-20280 | 1 Cisco | 1 Ucs Central Software | 2025-06-18 | N/A | 6.3 MEDIUM |
|
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files.
This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could ...
Show More |
|||||
| CVE-2023-39458 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A | 5.3 MEDIUM |
|
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authenticatio ...
Show More |
|||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2025-06-17 | N/A | 5.5 MEDIUM |
|
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.
|
|||||
| CVE-2025-35940 | 2025-06-12 | N/A | 8.1 HIGH | ||
|
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
|
|||||
| CVE-2024-50564 | 1 Fortinet | 1 Forticlient | 2025-06-11 | N/A | 3.3 LOW |
|
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.
|
|||||
| CVE-2025-36572 | 1 Dell | 12 Powerstore 1000t, Powerstore 1200t, Powerstore 3000t and 9 more | 2025-06-09 | N/A | 6.5 MEDIUM |
|
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
|
|||||
| CVE-2025-3321 | 2025-06-06 | N/A | N/A | ||
|
A predefined administrative account is not documented and cannot
be deactivated. This account cannot be misused from the network, only by local
users on the server.
|
|||||
| CVE-2024-23453 | 1 Spooncast | 1 Spoon | 2025-06-04 | N/A | 5.5 MEDIUM |
|
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
|
|||||
| CVE-2025-5164 | 1 Perfree | 1 Perfreeblog | 2025-06-03 | 2.6 LOW | 3.7 LOW |
|
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-37608 | 1 Automaticsystems | 2 Soc Fl9600 Firstlane, Soc Fl9600 Firstlane Firmware | 2025-06-03 | N/A | 7.5 HIGH |
|
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.
|
|||||
| CVE-2025-5379 | 2025-06-02 | 4.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-36782 | 1 Totolink | 2 Cp300, Cp300 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
|
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
|
|||||
| CVE-2025-48491 | 2025-05-30 | N/A | N/A | ||
|
Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.
|
|||||
| CVE-2025-4633 | 2025-05-30 | N/A | 6.5 MEDIUM | ||
|
Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal
|
|||||
| CVE-2025-46352 | 2025-05-30 | N/A | 9.8 CRITICAL | ||
|
The CS5000 Fire Panel is vulnerable due to a hard-coded password that
runs on a VNC server and is visible as a string in the binary
responsible for running VNC. This password cannot be altered, allowing
anyone with knowledge of it to gain remote access to the panel. Such
access could enable an attacker to operate the panel remotely,
potentially putting the fire panel into a non-functional state and
causing serious safety issues.
|
|||||
| CVE-2021-41320 | 1 Iongroup | 1 Wallstreet Suite | 2025-05-30 | 2.1 LOW | 5.5 MEDIUM |
|
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).
|
|||||
| CVE-2019-7161 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
|
|||||
| CVE-2024-23726 | 1 Ubeeinteractive | 2 Ddw365, Ddw365 Firmware | 2025-05-30 | N/A | 8.8 HIGH |
|
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
|
|||||
| CVE-2024-28809 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 8.8 HIGH |
|
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.
|
|||||
| CVE-2024-28812 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 8.8 HIGH |
|
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection.
|
|||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2025-05-29 | N/A | 9.8 CRITICAL |
|
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
|
|||||
| CVE-2024-37630 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-05-29 | N/A | 8.8 HIGH |
|
D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.
|
|||||
| CVE-2024-50690 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | N/A | 6.5 MEDIUM |
|
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.
|
|||||
| CVE-2024-50692 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | N/A | 5.4 MEDIUM |
|
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.
|
|||||
| CVE-2025-32985 | 1 Netscout | 1 Ngeniusone | 2025-05-27 | N/A | 9.8 CRITICAL |
|
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.
|
|||||
| CVE-2024-42637 | 1 H3c | 2 R3010, R3010 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
|
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
|
|||||
| CVE-2024-53357 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-24 | N/A | 7.5 HIGH |
|
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealiasroute; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduserroute; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /a ...
Show More |
|||||
| CVE-2025-41380 | 2025-05-23 | N/A | N/A | ||
|
Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.
|
|||||
| CVE-2024-53356 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | N/A | 9.8 CRITICAL |
|
Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
|
|||||
| CVE-2024-51547 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-05-23 | N/A | 9.8 CRITICAL |
|
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
|
|||||
| CVE-2025-30113 | 1 Hella | 2 Dr 820, Dr 820 Firmware | 2025-05-22 | N/A | 9.8 CRITICAL |
|
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network.
|
|||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 5.0 MEDIUM | 5.8 MEDIUM |
|
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
|
|||||