Total
1498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41397 | 1 Sage | 1 Sage 300 | 2025-01-31 | 9.8 Critical |
| The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | ||||
| CVE-2023-37936 | 1 Fortinet | 1 Fortiswitch | 2025-01-31 | 9.6 Critical |
| A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests. | ||||
| CVE-2022-41399 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.5 High |
| The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | ||||
| CVE-2022-41398 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.5 High |
| The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | ||||
| CVE-2023-27921 | 1 Jins | 2 Jins Meme, Jins Meme Firmware | 2025-01-31 | 6.5 Medium |
| JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | ||||
| CVE-2022-41400 | 1 Sage | 1 Sage 300 | 2025-01-30 | 9.8 Critical |
| Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | ||||
| CVE-2023-26089 | 1 Echa.europa | 1 Iuclid | 2025-01-30 | 9.8 Critical |
| European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | ||||
| CVE-2024-49806 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2024-49805 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2024-31873 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | ||||
| CVE-2023-30354 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 9.8 Critical |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. | ||||
| CVE-2023-30352 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 9.8 Critical |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | ||||
| CVE-2023-30351 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 7.5 High |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | ||||
| CVE-2024-46505 | 2025-01-23 | 9.1 Critical | ||
| Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | ||||
| CVE-2023-4539 | 1 Comarch | 1 Erp Xl | 2025-01-23 | 7.5 High |
| Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
| CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2025-01-21 | 9.8 Critical |
| MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | ||||
| CVE-2024-45832 | 2025-01-17 | 4.3 Medium | ||
| Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information. | ||||
| CVE-2023-27512 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2025-01-17 | 7.2 High |
| Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. | ||||
| CVE-2022-45444 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 10 Critical |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access. | ||||
| CVE-2022-3089 | 1 Echelon | 2 I.lon Vision, Smartserver | 2025-01-16 | 6.3 Medium |
| Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. | ||||