Total
1381 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2025-05-10 | N/A | 9.8 CRITICAL |
| go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | |||||
| CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2025-05-08 | N/A | 7.8 HIGH |
| In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | |||||
| CVE-2025-47730 | 2025-05-08 | N/A | 4.8 MEDIUM | ||
| The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password. | |||||
| CVE-2025-20188 | 2025-05-08 | N/A | 10.0 CRITICAL | ||
| A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default. | |||||
| CVE-2025-4041 | 2025-05-07 | N/A | N/A | ||
| In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. | |||||
| CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2025-05-02 | N/A | 7.8 HIGH |
| Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | |||||
| CVE-2025-23179 | 2025-05-02 | N/A | 5.5 MEDIUM | ||
| CWE-798: Use of Hard-coded Credentials | |||||
| CVE-2025-32889 | 2025-05-02 | N/A | 7.3 HIGH | ||
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | |||||
| CVE-2025-32888 | 2025-05-02 | N/A | 7.3 HIGH | ||
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | |||||
| CVE-2024-40410 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | N/A | 4.8 MEDIUM |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. | |||||
| CVE-2025-32985 | 2025-04-29 | N/A | 9.8 CRITICAL | ||
| NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | |||||
| CVE-2025-2765 | 2025-04-29 | N/A | 7.6 HIGH | ||
| CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349. | |||||
| CVE-2025-46274 | 2025-04-29 | N/A | 9.8 CRITICAL | ||
| UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database. | |||||
| CVE-2025-46617 | 2025-04-29 | N/A | 7.2 HIGH | ||
| Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage. | |||||
| CVE-2025-46273 | 2025-04-29 | N/A | 9.8 CRITICAL | ||
| UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices. | |||||
| CVE-2022-44096 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | |||||
| CVE-2022-44097 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | |||||
| CVE-2022-38337 | 1 Mobatek | 1 Mobaxterm | 2025-04-24 | N/A | 9.1 CRITICAL |
| When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. | |||||
| CVE-2023-40236 | 1 Pexip | 1 Virtual Meeting Rooms | 2025-04-23 | N/A | 5.3 MEDIUM |
| In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | |||||
| CVE-2022-34840 | 1 Buffalo | 18 Hw-450hp-zwe, Hw-450hp-zwe Firmware, Wzr-300hp and 15 more | 2025-04-23 | N/A | 6.5 MEDIUM |
| Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. | |||||