Total
146 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-7251 | 2026-06-04 | N/A | 9.8 CRITICAL | ||
| Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted. | |||||
| CVE-2026-22054 | 2026-06-04 | N/A | N/A | ||
| Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | |||||
| CVE-2026-22055 | 2026-06-04 | N/A | N/A | ||
| Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | |||||
| CVE-2025-57175 | 1 Ceragon | 2 Etherhaul-8010fx, Etherhaul-8010fx Firmware | 2026-06-02 | N/A | 6.4 MEDIUM |
| Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. | |||||
| CVE-2025-70041 | 2026-05-10 | N/A | 9.8 CRITICAL | ||
| An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | |||||
| CVE-2026-8032 | 2026-05-07 | 7.5 HIGH | 7.3 HIGH | ||
| A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |||||
| CVE-2014-5405 | 1 Hospira | 1 Mednet | 2026-05-06 | 9.0 HIGH | N/A |
| Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||||
| CVE-2014-2363 | 1 Morpho | 1 Itemiser 3 | 2026-05-06 | 10.0 HIGH | N/A |
| Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. | |||||
| CVE-2026-7579 | 2026-05-04 | 7.5 HIGH | 7.3 HIGH | ||
| A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2012-5862 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2026-04-29 | 10.0 HIGH | N/A |
| These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | |||||
| CVE-2025-9309 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-04-29 | 1.0 LOW | 2.5 LOW |
| A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used. | |||||
| CVE-2026-4475 | 2026-04-29 | 8.3 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2616 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2026-04-29 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-6610 | 2026-04-29 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11649 | 1 Furbo | 4 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 1 more | 2026-04-29 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8974 | 1 Linlinjava | 1 Litemall | 2026-04-29 | 2.6 LOW | 3.7 LOW |
| A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7079 | 1 Mao888 | 1 Bluebell-plus | 2026-04-29 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7577 | 2026-04-29 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11284 | 2026-04-29 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13252 | 2026-04-29 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. | |||||