Total
1328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36049 | 2024-11-21 | 6.5 Medium | ||
| Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log. | ||||
| CVE-2024-35338 | 1 Tendacn | 2 I29, I29 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. | ||||
| CVE-2024-34219 | 2024-11-21 | 8.6 High | ||
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | ||||
| CVE-2024-33329 | 1 Lumis | 1 Lumis Experience Platform | 2024-11-21 | N/A |
| A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. | ||||
| CVE-2024-32988 | 2024-11-21 | 7.5 High | ||
| 'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered. | ||||
| CVE-2024-32740 | 2024-11-21 | 9.8 Critical | ||
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network. | ||||
| CVE-2024-32053 | 2024-11-21 | 9.8 Critical | ||
| Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application. | ||||
| CVE-2024-31873 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | ||||
| CVE-2024-2161 | 2024-11-21 | 9.8 Critical | ||
| Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . | ||||
| CVE-2024-29966 | 2024-11-21 | 7.5 High | ||
| Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance. | ||||
| CVE-2024-29963 | 2024-11-21 | 1.9 Low | ||
| Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. | ||||
| CVE-2024-29960 | 2024-11-21 | 6.8 Medium | ||
| In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. | ||||
| CVE-2024-28747 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2024-11-21 | 9.8 Critical |
| An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. | ||||
| CVE-2024-28194 | 2024-11-21 | 9.1 Critical | ||
| your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-27170 | 2024-11-21 | 7.4 High | ||
| It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27168 | 2024-11-21 | 7.1 High | ||
| It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27161 | 2024-11-21 | 6.2 Medium | ||
| all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27160 | 2024-11-21 | 6.2 Medium | ||
| All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27159 | 2024-11-21 | 6.2 Medium | ||
| All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27107 | 2024-11-21 | 9.6 Critical | ||
| Weak account password in GE HealthCare EchoPAC products | ||||