Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2023-47315 | Use of Hard-coded Credentials vulnerability in H-Mdm Headwind MDM 5.22.1 Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. | 8.8 |
| 2023-11-16 | CVE-2023-48053 | Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. | 7.5 |
| 2023-11-16 | CVE-2023-48055 | Use of Hard-coded Credentials vulnerability in Superagi 0.0.13 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. | 7.5 |
| 2023-11-16 | CVE-2023-44296 | Use of Hard-coded Credentials vulnerability in Dell E-Lab Navigator 3.1.8/3.1.9 Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. | 5.5 |
| 2023-11-16 | CVE-2023-47213 | Use of Hard-coded Credentials vulnerability in C-First products First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. | 9.8 |
| 2023-11-14 | CVE-2023-40719 | Use of Hard-coded Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | 5.5 |
| 2023-11-14 | CVE-2023-33304 | Use of Hard-coded Credentials vulnerability in Fortinet Forticlient A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | 5.5 |
| 2023-11-10 | CVE-2023-47800 | Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | 9.8 |
| 2023-11-09 | CVE-2023-41137 | Use of Hard-coded Credentials vulnerability in Appsanywhere Client Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | 9.8 |
| 2023-11-06 | CVE-2023-5777 | Use of Hard-coded Credentials vulnerability in Weintek Easybuilder PRO Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | 9.8 |