Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-40236 | Use of Hard-coded Credentials vulnerability in Pexip Virtual Meeting Rooms In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | 5.3 |
| 2023-12-19 | CVE-2023-43870 | Use of Hard-coded Credentials vulnerability in Paxton-Access Net2 6.02/6.07 When installing the Net2 software a root certificate is installed into the trusted store. | 9.8 |
| 2023-12-15 | CVE-2023-48374 | Use of Hard-coded Credentials vulnerability in Csharp CWS Collaborative Development Platform 10.25 SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. | 6.5 |
| 2023-12-12 | CVE-2023-36647 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | 7.5 |
| 2023-12-12 | CVE-2023-36651 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | 7.2 |
| 2023-12-07 | CVE-2023-33413 | Use of Hard-coded Credentials vulnerability in Supermicro products The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | 8.8 |
| 2023-12-07 | CVE-2023-40300 | Use of Hard-coded Credentials vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0 NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | 9.8 |
| 2023-12-05 | CVE-2023-6448 | Use of Hard-coded Credentials vulnerability in Unitronics products Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. | 9.8 |
| 2023-12-04 | CVE-2023-40463 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | 7.2 |
| 2023-12-04 | CVE-2023-40464 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. | 6.8 |