Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-18 | CVE-2022-35540 | Use of Hard-coded Credentials vulnerability in Dotnetcore Agileconfig Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | 9.8 |
2022-08-17 | CVE-2022-1400 | Use of Hard-coded Credentials vulnerability in Device42 Cmdb Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. | 9.8 |
2022-08-16 | CVE-2022-35734 | Use of Hard-coded Credentials vulnerability in Hjholdings Hulu 3.0.47 'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. | 7.5 |
2022-08-12 | CVE-2021-44720 | Use of Hard-coded Credentials vulnerability in multiple products In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. | 7.2 |
2022-08-10 | CVE-2022-35491 | Use of Hard-coded Credentials vulnerability in Totolink A3002Ru Firmware 3.0.0B20220304.1804 TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | 9.8 |
2022-08-05 | CVE-2022-22144 | Use of Hard-coded Credentials vulnerability in TCL Linkhub Mesh Wifi Ac1200 Ms1G0001.0014 A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. | 9.8 |
2022-08-04 | CVE-2022-34993 | Use of Hard-coded Credentials vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | 9.8 |
2022-07-28 | CVE-2022-30314 | Use of Hard-coded Credentials vulnerability in Honeywell Safety Manager Firmware Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. | 4.6 |
2022-07-28 | CVE-2021-22644 | Use of Hard-coded Credentials vulnerability in Ovarro products Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | 9.8 |
2022-07-27 | CVE-2022-36952 | Use of Hard-coded Credentials vulnerability in Veritas Netbackup In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. | 9.8 |