Vulnerabilities (CVE)

Filtered by CWE-798
Total 1704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-4740 1 Moxa 1 Mxsecurity 2026-06-17 N/A 5.3 MEDIUM
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
CVE-2024-4708 1 Myscada 1 Mypro 2026-06-17 N/A 9.8 CRITICAL
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
CVE-2024-49806 1 Ibm 1 Security Verify Access 2026-06-17 N/A 9.4 CRITICAL
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-49805 1 Ibm 1 Security Verify Access 2026-06-17 N/A 9.4 CRITICAL
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-49060 1 Microsoft 1 Azure Stack Hci 2026-06-17 N/A 8.8 HIGH
Azure Stack HCI Elevation of Privilege Vulnerability
CVE-2024-48971 2026-06-17 N/A 9.3 CRITICAL
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
CVE-2024-48842 2026-06-17 N/A 7.0 HIGH
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions.
CVE-2024-48539 2026-06-17 N/A 9.8 CRITICAL
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.
CVE-2024-48192 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 8.0 HIGH
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
CVE-2024-48126 2026-06-17 N/A 9.8 CRITICAL
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
CVE-2024-48007 1 Dell 1 Recoverpoint For Virtual Machines 2026-06-17 N/A 5.3 MEDIUM
Dell RecoverPoint for Virtual Machines 6.0.x contains a use of hard-coded credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system, leading to access to unauthorized data.
CVE-2024-46508 1 Yeti-platform 1 Yeti 2026-06-17 N/A 7.5 HIGH
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).
CVE-2024-46505 2026-06-17 N/A 9.1 CRITICAL
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2024-46436 1 Tenda 2 W18e, W18e Firmware 2026-06-17 N/A 8.3 HIGH
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allow unauthenticated remote attackers to gain root access to the device over the telnet service.
CVE-2024-46433 1 Tenda 2 W18e, W18e Firmware 2026-06-17 N/A 8.8 HIGH
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
CVE-2024-46429 1 Tenda 2 W18e, W18e Firmware 2026-06-17 N/A 8.8 HIGH
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
CVE-2024-45861 1 Kastle 2 Access Control System, Access Control System Firmware 2026-06-17 N/A 7.5 HIGH
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
CVE-2024-45832 2026-06-17 N/A 4.3 MEDIUM
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.
CVE-2024-45698 1 Dlink 2 Dir-x4860, Dir-x4860 Firmware 2026-06-17 N/A 9.8 CRITICAL
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
CVE-2024-45656 1 Ibm 56 Ess 5000 (5105-22e), Ess 5000 (5105-22e) Firmware, Power System E1080 (9080-hex) and 53 more 2026-06-17 N/A 9.8 CRITICAL
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.