Total
1328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1228 | 1 Eurosoft | 1 Przychodnia | 2024-11-21 | 9.8 Critical |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | ||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | 7.8 High |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | ||||
| CVE-2024-0390 | 2024-11-21 | N/A | ||
| INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401. | ||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | 5.2 Medium |
| Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | ||||
| CVE-2023-6448 | 1 Unitronics | 33 Samba 3.5, Samba 3.5 Firmware, Samba 4.3 and 30 more | 2024-11-21 | 9.8 Critical |
| Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | ||||
| CVE-2023-6255 | 2024-11-21 | 7.5 High | ||
| Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-6198 | 2024-11-21 | 9.3 Critical | ||
| Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | ||||
| CVE-2023-5777 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | 9.8 Critical |
| Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | ||||
| CVE-2023-5456 | 1 Ailux | 1 Imx6 Bundle | 2024-11-21 | 8.1 High |
| A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | ||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | 9.8 Critical |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | ||||
| CVE-2023-52723 | 1 Kde | 1 Libksieve | 2024-11-21 | 7.1 High |
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | ||||
| CVE-2023-51840 | 1 Html-js | 1 Doracms | 2024-11-21 | 9.8 Critical |
| DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | ||||
| CVE-2023-51588 | 2024-11-21 | N/A | ||
| Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075. | ||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2024-11-21 | 5.5 Medium |
| In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | ||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | 6.5 Medium |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | ||||
| CVE-2023-50124 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-11-21 | 6.8 Medium |
| Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | ||||
| CVE-2023-4539 | 2024-11-21 | 7.5 High | ||
| Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | 5.4 Medium |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | ||||
| CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-11-21 | 7.5 High |
| It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. | ||||