Total: 1704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6912 | 2 Microsoft, Perkinelmer | 2 Windows, Processplus | 2026-06-17 | N/A | 9.8 CRITICAL |
| Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to log in remotely on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0. | |||||
| CVE-2024-6890 | 1 Journyx | 1 Journyx | 2026-06-17 | N/A | 8.8 HIGH |
| Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. | |||||
| CVE-2024-6656 | 1 Tnbmobil | 1 Cockpit | 2026-06-17 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13. | |||||
| CVE-2024-6633 | 1 Fortra | 1 Filecatalyst Workflow | 2026-06-17 | N/A | 9.8 CRITICAL |
| The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB. | |||||
| CVE-2024-6045 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware. | |||||
| CVE-2024-5810 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments. | |||||
| CVE-2024-5764 | 1 Sonatype | 1 Nexus Repository Manager | 2026-06-17 | N/A | 6.5 MEDIUM |
| Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated. This issue affects Nexus Repository: from 3.0.0 through 3.72.0. | |||||
| CVE-2024-5722 | 1 Logsign | 1 Unified Secops Platform | 2026-06-17 | N/A | 8.8 HIGH |
| Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170. | |||||
| CVE-2024-5514 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs. | |||||
| CVE-2024-5471 | 1 Zohocorp | 1 Manageengine Ddi Central | 2026-06-17 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover due to hard-coded sensitive keys. | |||||
| CVE-2024-5460 | 1 Broadcom | 1 Fabric Operating System | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device. | |||||
| CVE-2024-57811 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can log in as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. | |||||
| CVE-2024-57790 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH. | |||||
| CVE-2024-57040 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has stated that this issue was fixed in firmware versions 250401 or later. | |||||
| CVE-2024-55927 | 1 Xerox | 1 Workplace Suite | 2026-06-17 | N/A | 7.6 HIGH |
| A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions. | |||||
| CVE-2024-55557 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. | |||||
| CVE-2024-55027 | 1 Weintek | 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb | 2026-06-17 | N/A | 7.5 HIGH |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db. | |||||
| CVE-2024-55023 | 1 Weintek | 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb | 2026-06-17 | N/A | 5.3 MEDIUM |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. | |||||
| CVE-2024-55021 | 1 Weintek | 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb | 2026-06-17 | N/A | 7.5 HIGH |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. | |||||
| CVE-2024-54750 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before. | |||||
