Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23685 | 1 Openlibraryfoundation | 1 Mod-remote-storage | 2025-05-30 | N/A | 5.3 MEDIUM |
| Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | |||||
| CVE-2024-23726 | 1 Ubeeinteractive | 2 Ddw365, Ddw365 Firmware | 2025-05-30 | N/A | 8.8 HIGH |
| Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | |||||
| CVE-2025-48491 | 2025-05-30 | N/A | N/A | ||
| Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version. | |||||
| CVE-2025-46352 | 2025-05-30 | N/A | N/A | ||
| The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues. | |||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2025-05-29 | N/A | 9.8 CRITICAL |
| DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | |||||
| CVE-2025-41380 | 2025-05-23 | N/A | N/A | ||
| Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string. | |||||
| CVE-2024-51547 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-05-23 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2025-2394 | 2025-05-23 | N/A | N/A | ||
| Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. | |||||
| CVE-2018-8870 | 1 Medtronic | 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more | 2025-05-22 | 7.2 HIGH | 6.8 MEDIUM |
| Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. | |||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||
| CVE-2024-23687 | 1 Openlibraryfoundation | 1 Mod-data-export-spring | 2025-05-22 | N/A | 9.1 CRITICAL |
| Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | |||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | N/A | 8.8 HIGH |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | |||||
| CVE-2025-45746 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-05-21 | N/A | 9.8 CRITICAL |
| In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform. | |||||
| CVE-2022-34441 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34440 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34442 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | |||||
| CVE-2022-34462 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.8 HIGH |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2025-27488 | 1 Microsoft | 12 Windows 10 1809, Windows 10 2004, Windows 10 20h2 and 9 more | 2025-05-19 | N/A | 6.7 MEDIUM |
| Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2023-32145 | 1 Dlink | 4 Dap-1360, Dap-1360 Firmware, Dap-2020 and 1 more | 2025-05-16 | N/A | 8.8 HIGH |
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | |||||
| CVE-2023-38995 | 1 Schuhfried | 1 Schuhfried | 2025-05-15 | N/A | 9.8 CRITICAL |
| An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | |||||