Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22768 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | |||||
| CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | |||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-11-21 | 1.0 LOW | 2.5 LOW |
| A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1228 | 1 Eurosoft | 1 Przychodnia | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | |||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | N/A | 7.8 HIGH |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | |||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | N/A | 5.2 MEDIUM |
| Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | |||||
| CVE-2023-6198 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | |||||
| CVE-2023-5777 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | |||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 7.5 HIGH |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | |||||
| CVE-2023-52723 | 2024-11-21 | N/A | 7.1 HIGH | ||
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | |||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2024-11-21 | N/A | 9.8 CRITICAL |
| DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | |||||
| CVE-2023-51588 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075. | |||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | |||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
| CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | |||||
| CVE-2023-4419 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | |||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | |||||
| CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. | |||||