Total
1702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39582 | 1 Dell | 1 Insightiq | 2026-06-17 | N/A | 2.3 LOW |
| Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-39374 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials. | |||||
| CVE-2024-39208 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. | |||||
| CVE-2024-38648 | 1 Ivanti | 1 Desktop \& Server Management | 2026-06-17 | N/A | 5.7 MEDIUM |
| A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials. | |||||
| CVE-2024-38480 | 2026-06-17 | N/A | 4.0 MEDIUM | ||
| "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability. | |||||
| CVE-2024-38466 | 1 Guoxinled | 1 Synthesis Image System | 2026-06-17 | N/A | 9.8 CRITICAL |
| Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. | |||||
| CVE-2024-38281 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. | |||||
| CVE-2024-37630 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. | |||||
| CVE-2024-36782 | 1 Totolink | 2 Cp300, Cp300 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||||
| CVE-2024-36556 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability. | |||||
| CVE-2024-36496 | 2026-06-17 | N/A | 7.5 HIGH | ||
| The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters. | |||||
| CVE-2024-36480 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC. | |||||
| CVE-2024-36248 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |||||
| CVE-2024-36049 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log. | |||||
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2024-35338 | 1 Tendacn | 2 I29, I29 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. | |||||
| CVE-2024-35244 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |||||
| CVE-2024-35118 | 1 Ibm | 1 Maas360 Mdm | 2026-06-17 | N/A | 4.6 MEDIUM |
| IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | |||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2026-06-17 | N/A | 8.6 HIGH |
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | |||||
| CVE-2024-33895 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2026-06-17 | N/A | 6.6 MEDIUM |
| Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device. | |||||
