Total
1524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30113 | 1 Hella | 2 Dr 820, Dr 820 Firmware | 2025-05-22 | N/A | 9.8 CRITICAL |
| An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network. | |||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 5.0 MEDIUM | 5.8 MEDIUM |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||
| CVE-2018-8870 | 1 Medtronic | 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more | 2025-05-22 | 7.2 HIGH | 6.4 MEDIUM |
| Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. | |||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | N/A | 8.8 HIGH |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | |||||
| CVE-2025-45746 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-05-21 | N/A | 6.5 MEDIUM |
| In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform. | |||||
| CVE-2022-34441 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 8.0 HIGH |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34440 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 8.4 HIGH |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34442 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 8.0 HIGH |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | |||||
| CVE-2022-34462 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 8.4 HIGH |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2025-27488 | 1 Microsoft | 12 Windows 10 1809, Windows 10 2004, Windows 10 20h2 and 9 more | 2025-05-19 | N/A | 6.7 MEDIUM |
| Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2023-32145 | 1 Dlink | 4 Dap-1360, Dap-1360 Firmware, Dap-2020 and 1 more | 2025-05-16 | N/A | 8.8 HIGH |
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | |||||
| CVE-2023-38995 | 1 Schuhfried | 1 Schuhfried | 2025-05-15 | N/A | 9.8 CRITICAL |
| An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | |||||
| CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2025-05-15 | N/A | 5.9 MEDIUM |
| The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | |||||
| CVE-2024-13688 | 1 Wpase | 1 Admin And Site Enhancements | 2025-05-14 | N/A | 5.3 MEDIUM |
| The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request | |||||
| CVE-2023-35724 | 1 Dlink | 2 Dap-2622, Dap-2622 Firmware | 2025-05-13 | N/A | 8.8 HIGH |
| D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050. | |||||
| CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2025-05-10 | N/A | 9.8 CRITICAL |
| go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | |||||
| CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2025-05-08 | N/A | 7.8 HIGH |
| In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | |||||
| CVE-2025-4041 | 2025-05-07 | N/A | N/A | ||
| In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. | |||||
| CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2025-05-02 | N/A | 7.8 HIGH |
| Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | |||||
| CVE-2025-23179 | 2025-05-02 | N/A | 5.5 MEDIUM | ||
| CWE-798: Use of Hard-coded Credentials | |||||