Vulnerabilities (CVE)

Filtered by CWE-798
Total 1702 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28778 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2026-06-17 N/A 6.5 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
CVE-2024-28751 2026-06-17 N/A 9.1 CRITICAL
An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
CVE-2024-28747 2026-06-17 N/A 9.8 CRITICAL
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
CVE-2024-28146 2026-06-17 N/A 8.4 HIGH
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.
CVE-2024-27774 1 Unitronics 1 Unilogic 2026-06-17 N/A 7.5 HIGH
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
CVE-2024-27170 2026-06-17 N/A 7.4 HIGH
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL.
CVE-2024-27168 2026-06-17 N/A 7.1 HIGH
It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.
CVE-2024-27161 2026-06-17 N/A 6.2 MEDIUM
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
CVE-2024-27160 2026-06-17 N/A 6.2 MEDIUM
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
CVE-2024-27159 2026-06-17 N/A 6.2 MEDIUM
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
CVE-2024-27107 2026-06-17 N/A 9.6 CRITICAL
Weak account password in GE HealthCare EchoPAC products
CVE-2024-25731 1 Elinksmart 1 Esmartcam 2026-06-17 N/A 7.5 HIGH
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).
CVE-2024-24681 1 Yealink 1 Configuration Encryption Tool 2026-06-17 N/A 9.8 CRITICAL
An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.
CVE-2024-24324 1 Totolink 2 A8000ru, A8000ru Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
CVE-2024-23958 1 Autel 2 Maxicharger Ac Elite Business C50, Maxicharger Ac Elite Business C50 Firmware 2026-06-17 N/A 6.5 MEDIUM
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196
CVE-2024-23842 1 Hitron 2 Lguvr-16h, Lguvr-16h Firmware 2026-06-17 N/A 7.4 HIGH
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.
CVE-2024-23816 1 Siemens 1 Location Intelligence 2026-06-17 N/A 9.8 CRITICAL
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.
CVE-2024-23726 1 Ubeeinteractive 2 Ddw365, Ddw365 Firmware 2026-06-17 N/A 8.8 HIGH
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
CVE-2024-23687 1 Openlibraryfoundation 1 Mod-data-export-spring 2026-06-17 N/A 9.1 CRITICAL
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
CVE-2024-23685 1 Openlibraryfoundation 1 Mod-remote-storage 2026-06-17 N/A 5.3 MEDIUM
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.