Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2025-05-08 | 7.8 High |
| In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | ||||
| CVE-2025-47730 | 2025-05-08 | 4.8 Medium | ||
| The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password. | ||||
| CVE-2025-20188 | 2025-05-08 | 10 Critical | ||
| A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default. | ||||
| CVE-2025-4041 | 2025-05-07 | N/A | ||
| In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. | ||||
| CVE-2022-38117 | 1 Juiker | 1 Juiker | 2025-05-07 | 5.5 Medium |
| Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. | ||||
| CVE-2021-4228 | 1 Lannerinc | 2 Iac-ast2500, Iac-ast2500 Firmware | 2025-05-05 | 5.8 Medium |
| Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | ||||
| CVE-2024-29063 | 1 Microsoft | 1 Azure Ai Search | 2025-05-03 | 7.3 High |
| Azure AI Search Information Disclosure Vulnerability | ||||
| CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2025-05-02 | 7.8 High |
| Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | ||||
| CVE-2025-23179 | 2025-05-02 | 5.5 Medium | ||
| CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2025-32889 | 2025-05-02 | 7.3 High | ||
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | ||||
| CVE-2025-32888 | 2025-05-02 | 7.3 High | ||
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | ||||
| CVE-2021-34577 | 1 Kadenvodomery | 2 Picoflux Air, Picoflux Air Firmware | 2025-05-01 | 6.5 Medium |
| In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | ||||
| CVE-2024-40410 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | 4.8 Medium |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. | ||||
| CVE-2022-40263 | 1 Bd | 2 Totalys Multiprocessor, Totalys Multiprocessor Firmware | 2025-04-30 | 6.6 Medium |
| BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. | ||||
| CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2025-04-29 | 6.5 Medium |
| PowerShell Information Disclosure Vulnerability | ||||
| CVE-2025-32985 | 2025-04-29 | 9.8 Critical | ||
| NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | ||||
| CVE-2025-2765 | 2025-04-29 | N/A | ||
| CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349. | ||||
| CVE-2025-46274 | 2025-04-29 | 9.8 Critical | ||
| UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database. | ||||
| CVE-2025-46617 | 2025-04-29 | 7.2 High | ||
| Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage. | ||||
| CVE-2025-46273 | 2025-04-29 | 9.8 Critical | ||
| UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices. | ||||