Total
160 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48831 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 8.4 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2025-6932 | 2 D-link, Dlink | 3 Dcs-7517, Dcs-7517, Dcs-7517 Firmware | 2025-07-14 | 3.7 Low |
| A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-7080 | 1 Done-0 | 1 Jank | 2025-07-13 | 3.7 Low |
| A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-1879 | 1 I-drive | 2 I11, I12 | 2025-07-13 | 2.4 Low |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2024-27488 | 1 Zlmediakit | 1 Zlmediakit | 2025-07-13 | 9.8 Critical |
| Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | ||||
| CVE-2024-5275 | 1 Fortra | 2 Filecatalyst Direct, Filecatalyst Workflow | 2025-07-12 | 7.8 High |
| A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier. | ||||
| CVE-2025-1100 | 1 Q-free | 1 Maxtime | 2025-07-12 | 9.8 Critical |
| A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH. | ||||
| CVE-2025-3920 | 2025-07-08 | N/A | ||
| A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software. | ||||
| CVE-2012-5862 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | N/A |
| These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | ||||
| CVE-2025-6139 | 1 Totolink | 2 T10, T10 Firmware | 2025-06-26 | 3.9 Low |
| A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25984 | 1 Macro-video | 2 V380e6 C1, V380e6 C1 Firmware | 2025-06-25 | 6.8 Medium |
| An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component. | ||||
| CVE-2025-47748 | 1 Netwrix | 1 Directory Manager | 2025-06-19 | 5.3 Medium |
| Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. | ||||
| CVE-2024-28066 | 1 Mitel | 28 6905, 6905 Firmware, 6910 and 25 more | 2025-06-18 | 8.8 High |
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | ||||
| CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 9.8 Critical |
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | ||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2025-06-03 | 6.5 Medium |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | ||||
| CVE-2025-5379 | 2025-06-02 | 4.3 Medium | ||
| A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46328 | 1 Vonets | 2 Vap11g-300, Vap11g-300 Firmware | 2025-05-29 | 8 High |
| VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. | ||||
| CVE-2023-37231 | 1 Loftware | 1 Spectrum | 2025-05-29 | 9.8 Critical |
| Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. | ||||
| CVE-2024-42639 | 1 H3c | 3 Gr-1100-p, Gr1100-p, Gr1100-p Firmware | 2025-05-27 | 9.8 Critical |
| H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-37644 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | 8.8 High |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||