Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-28 | CVE-2022-41398 | Use of Hard-coded Credentials vulnerability in Sage 300 The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. | 7.5 |
2023-04-28 | CVE-2022-41399 | Use of Hard-coded Credentials vulnerability in Sage 300 The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". | 7.5 |
2023-04-28 | CVE-2022-41400 | Use of Hard-coded Credentials vulnerability in Sage 300 Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. | 9.8 |
2023-04-27 | CVE-2023-2158 | Use of Hard-coded Credentials vulnerability in Synopsys Code DX Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. | 9.8 |
2023-04-26 | CVE-2022-39989 | Use of Hard-coded Credentials vulnerability in Fighting Cock Information System Project Fighting Cock Information System 1.0 An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials. | 9.8 |
2023-04-25 | CVE-2022-45291 | Use of Hard-coded Credentials vulnerability in Pwsdashboard Personal Weather Station Dashboard PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. | 7.2 |
2023-04-17 | CVE-2023-24501 | Use of Hard-coded Credentials vulnerability in Electra-Air Central AC Unit Firmware V4/V5 Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. | 9.8 |
2023-04-16 | CVE-2022-37255 | Use of Hard-coded Credentials vulnerability in Tp-Link Tapo C310 Firmware 1.3.0 TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. | 7.5 |
2023-04-11 | CVE-2023-22429 | Use of Hard-coded Credentials vulnerability in Wolt Delivery 4.27.2 Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary. | 7.8 |
2023-04-04 | CVE-2023-1748 | Use of Hard-coded Credentials vulnerability in Getnexx products The listed versions of Nexx Smart Home devices use hard-coded credentials. | 10.0 |