Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-22 | CVE-2023-47315 | Use of Hard-coded Credentials vulnerability in H-Mdm Headwind MDM 5.22.1 Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. | 8.8 |
2023-11-16 | CVE-2023-48053 | Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. | 7.5 |
2023-11-16 | CVE-2023-48055 | Use of Hard-coded Credentials vulnerability in Superagi 0.0.13 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. | 7.5 |
2023-11-16 | CVE-2023-44296 | Use of Hard-coded Credentials vulnerability in Dell E-Lab Navigator 3.1.8/3.1.9 Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. | 5.5 |
2023-11-16 | CVE-2023-47213 | Use of Hard-coded Credentials vulnerability in C-First products First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. | 9.8 |
2023-11-10 | CVE-2023-47800 | Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | 9.8 |
2023-11-09 | CVE-2023-41137 | Use of Hard-coded Credentials vulnerability in Appsanywhere Client Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | 9.8 |
2023-11-06 | CVE-2023-5777 | Use of Hard-coded Credentials vulnerability in Weintek Easybuilder PRO Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | 9.8 |
2023-11-02 | CVE-2023-31579 | Use of Hard-coded Credentials vulnerability in Tangyh Lamp-Cloud Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. | 9.8 |
2023-10-27 | CVE-2023-45499 | Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | 9.8 |