Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2022-41398 Use of Hard-coded Credentials vulnerability in Sage 300
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance.
network
low complexity
sage CWE-798
7.5
2023-04-28 CVE-2022-41399 Use of Hard-coded Credentials vulnerability in Sage 300
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml".
network
low complexity
sage CWE-798
7.5
2023-04-28 CVE-2022-41400 Use of Hard-coded Credentials vulnerability in Sage 300
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory.
network
low complexity
sage CWE-798
critical
9.8
2023-04-27 CVE-2023-2158 Use of Hard-coded Credentials vulnerability in Synopsys Code DX
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token.
network
low complexity
synopsys CWE-798
critical
9.8
2023-04-26 CVE-2022-39989 Use of Hard-coded Credentials vulnerability in Fighting Cock Information System Project Fighting Cock Information System 1.0
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials.
network
low complexity
fighting-cock-information-system-project CWE-798
critical
9.8
2023-04-25 CVE-2022-45291 Use of Hard-coded Credentials vulnerability in Pwsdashboard Personal Weather Station Dashboard
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php.
network
low complexity
pwsdashboard CWE-798
7.2
2023-04-17 CVE-2023-24501 Use of Hard-coded Credentials vulnerability in Electra-Air Central AC Unit Firmware V4/V5
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.
network
low complexity
electra-air CWE-798
critical
9.8
2023-04-16 CVE-2022-37255 Use of Hard-coded Credentials vulnerability in Tp-Link Tapo C310 Firmware 1.3.0
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
network
low complexity
tp-link CWE-798
7.5
2023-04-11 CVE-2023-22429 Use of Hard-coded Credentials vulnerability in Wolt Delivery 4.27.2
Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.
local
low complexity
wolt CWE-798
7.8
2023-04-04 CVE-2023-1748 Use of Hard-coded Credentials vulnerability in Getnexx products
The listed versions of Nexx Smart Home devices use hard-coded credentials.
network
low complexity
getnexx CWE-798
critical
10.0