Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-47315 Use of Hard-coded Credentials vulnerability in H-Mdm Headwind MDM 5.22.1
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret.
network
low complexity
h-mdm CWE-798
8.8
2023-11-16 CVE-2023-48053 Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption.
network
low complexity
archerydms CWE-798
7.5
2023-11-16 CVE-2023-48055 Use of Hard-coded Credentials vulnerability in Superagi 0.0.13
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations.
network
low complexity
superagi CWE-798
7.5
2023-11-16 CVE-2023-44296 Use of Hard-coded Credentials vulnerability in Dell E-Lab Navigator 3.1.8/3.1.9
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability.
local
low complexity
dell CWE-798
5.5
2023-11-16 CVE-2023-47213 Use of Hard-coded Credentials vulnerability in C-First products
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device.
network
low complexity
c-first CWE-798
critical
9.8
2023-11-10 CVE-2023-47800 Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
network
low complexity
natus CWE-798
critical
9.8
2023-11-09 CVE-2023-41137 Use of Hard-coded Credentials vulnerability in Appsanywhere Client
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
network
low complexity
appsanywhere CWE-798
critical
9.8
2023-11-06 CVE-2023-5777 Use of Hard-coded Credentials vulnerability in Weintek Easybuilder PRO
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
network
low complexity
weintek CWE-798
critical
9.8
2023-11-02 CVE-2023-31579 Use of Hard-coded Credentials vulnerability in Tangyh Lamp-Cloud
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token.
network
low complexity
tangyh CWE-798
critical
9.8
2023-10-27 CVE-2023-45499 Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
network
low complexity
vinchin CWE-798
critical
9.8