Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34025 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges. | |||||
| CVE-2024-33867 | 2024-11-21 | N/A | 4.8 MEDIUM | ||
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. | |||||
| CVE-2024-33625 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. | |||||
| CVE-2024-32741 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device. | |||||
| CVE-2024-32210 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. | |||||
| CVE-2024-2420 | 2024-11-21 | N/A | N/A | ||
| LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. | |||||
| CVE-2024-2197 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points. | |||||
| CVE-2024-29011 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. | |||||
| CVE-2024-28066 | 2024-11-21 | N/A | 8.8 HIGH | ||
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||||
| CVE-2024-28023 | 2024-11-21 | N/A | 5.7 MEDIUM | ||
| A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. | |||||
| CVE-2024-27488 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | |||||
| CVE-2024-27164 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-26196 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.3 MEDIUM |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-5222 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
| CVE-2023-49963 | 2024-11-21 | N/A | 8.8 HIGH | ||
| DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control. | |||||
| CVE-2023-46685 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | |||||
| CVE-2023-41713 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 7.5 HIGH |
| SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | |||||
| CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | |||||
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | |||||