Export limit exceeded: 14078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1660 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49060 | 1 Microsoft | 1 Azure Stack Hci | 2025-07-08 | 8.8 High |
| Azure Stack HCI Elevation of Privilege Vulnerability | ||||
| CVE-2024-48192 | 1 Tenda | 2 G3, G3 Firmware | 2025-07-07 | 8 High |
| Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root | ||||
| CVE-2024-28778 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | 6.5 Medium |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. | ||||
| CVE-2012-6428 | 1 Carlosgavazzi | 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware | 2025-07-01 | N/A |
| The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | ||||
| CVE-2025-20188 | 1 Cisco | 2 Ios Xe, Ios Xe Software | 2025-06-23 | 10 Critical |
| A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. | ||||
| CVE-2025-48748 | 1 Netwrix | 1 Directory Manager | 2025-06-23 | 10 Critical |
| Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. | ||||
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-20 | 9.8 Critical |
| D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | ||||
| CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-06-20 | 9.8 Critical |
| TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | ||||
| CVE-2023-49256 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-20 | 7.5 High |
| It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. | ||||
| CVE-2023-49253 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-20 | 9.8 Critical |
| Root user password is hardcoded into the device and cannot be changed in the user interface. | ||||
| CVE-2025-32888 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 7.3 High |
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | ||||
| CVE-2025-32889 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 7.3 High |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | ||||
| CVE-2024-20280 | 1 Cisco | 1 Ucs Central Software | 2025-06-18 | 6.3 Medium |
| A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. | ||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-17 | 6.2 Medium |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | ||||
| CVE-2023-28897 | 1 Skoda-auto | 2 Superb 3, Superb 3 Firmware | 2025-06-17 | 4 Medium |
| The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | ||||
| CVE-2023-39458 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509. | ||||
| CVE-2023-48251 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 8.1 High |
| The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | ||||
| CVE-2023-48250 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 8.1 High |
| The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | ||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2025-06-17 | 5.5 Medium |
| In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | ||||
| CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-16 | 9.8 Critical |
| A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | ||||