Total
1704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2026-06-17 | N/A | 9.8 CRITICAL |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | |||||
| CVE-2023-53983 | 1 Ateme | 6 Flamingo Xl, Flamingo Xl Firmware, Flamingo Xs and 3 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms. | |||||
| CVE-2023-52723 | 2026-06-17 | N/A | 7.1 HIGH | ||
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | |||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2026-06-17 | N/A | 9.8 CRITICAL |
| DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | |||||
| CVE-2023-51638 | 1 Alltena | 1 Allegra | 2026-06-17 | N/A | 9.8 CRITICAL |
| Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360. | |||||
| CVE-2023-51629 | 1 Dlink | 2 Dcs-8300lhv2, Dcs-8300lhv2 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492. | |||||
| CVE-2023-51588 | 1 Voltronicpower | 1 Viewpower | 2026-06-17 | N/A | 7.8 HIGH |
| Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075. | |||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2026-06-17 | N/A | 5.5 MEDIUM |
| In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | |||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
| CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | |||||
| CVE-2023-4419 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | |||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2026-06-17 | N/A | 5.4 MEDIUM |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | |||||
| CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. | |||||
| CVE-2023-49253 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Root user password is hardcoded into the device and cannot be changed in the user interface. | |||||
| CVE-2023-49228 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2026-06-17 | N/A | 6.4 MEDIUM |
| An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. | |||||
| CVE-2023-49224 | 2026-06-17 | N/A | 8.0 HIGH | ||
| Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | |||||
| CVE-2023-49223 | 2026-06-17 | N/A | 8.8 HIGH | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. | |||||
| CVE-2023-49222 | 2026-06-17 | N/A | 8.8 HIGH | ||
| Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | |||||
| CVE-2023-49221 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | |||||
| CVE-2023-48392 | 1 Kaifa | 1 Webitr Attendance System | 2026-06-17 | N/A | 9.8 CRITICAL |
| Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information. | |||||
