Vulnerabilities > Use of Hard-coded Credentials

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-05-10 | CVE-2023-30352 | Use of Hard-coded Credentials vulnerability in Tenda CP3 Firmware 11.10.00.2211041355 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | network | low | tenda | CWE-798 | critical | 9.8 |
| 2023-05-03 | CVE-2023-26203 | Use of Hard-coded Credentials vulnerability in Fortinet Fortinac and Fortinac-F | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. | local | low | fortinet | CWE-798 | | 7.8 |
| 2023-05-02 | CVE-2023-26089 | Use of Hard-coded Credentials vulnerability in Echa.Europa Iuclid | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. | network | low | echa-europa | CWE-798 | critical | 9.8 |
| 2023-04-28 | CVE-2022-41397 | Use of Hard-coded Credentials vulnerability in Sage 300 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte Blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | network | low | sage | CWE-798 | critical | 9.8 |
| 2023-04-28 | CVE-2022-41398 | Use of Hard-coded Credentials vulnerability in Sage 300 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. | network | low | sage | CWE-798 | | 7.5 |
| 2023-04-28 | CVE-2022-41399 | Use of Hard-coded Credentials vulnerability in Sage 300 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte Blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". | network | low | sage | CWE-798 | | 7.5 |
| 2023-04-28 | CVE-2022-41400 | Use of Hard-coded Credentials vulnerability in Sage 300 | Sage 300 through 2022 uses a hard-coded 40-byte Blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. | network | low | sage | CWE-798 | critical | 9.8 |
| 2023-04-27 | CVE-2023-2158 | Use of Hard-coded Credentials vulnerability in Synopsys Code DX | Code Dx versions prior to 2023.4.2 are vulnerable to a user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. | network | low | synopsys | CWE-798 | critical | 9.8 |
| 2023-04-26 | CVE-2022-39989 | Use of Hard-coded Credentials vulnerability in Fighting Cock Information System Project Fighting Cock Information System 1.0 | An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials but does not force or prompt the administrators to change the credentials. | network | low | fighting-cock-information-system-project | CWE-798 | critical | 9.8 |
| 2023-04-25 | CVE-2022-45291 | Use of Hard-coded Credentials vulnerability in Pwsdashboard Personal Weather Station Dashboard | PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. | network | low | pwsdashboard | CWE-798 | | 7.2 |