Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-23687 | Use of Hard-coded Credentials vulnerability in Openlibraryfoundation Mod-Data-Export-Spring Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | 9.1 |
| 2024-01-19 | CVE-2024-23685 | Use of Hard-coded Credentials vulnerability in Openlibraryfoundation Mod-Remote-Storage Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | 5.3 |
| 2024-01-13 | CVE-2023-46943 | Use of Hard-coded Credentials vulnerability in Evershop 1.0.0 An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. | 9.1 |
| 2024-01-12 | CVE-2023-28897 | Use of Hard-coded Credentials vulnerability in Skoda-Auto Superb 3 Firmware 2022 The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | 9.8 |
| 2024-01-12 | CVE-2023-49253 | Use of Hard-coded Credentials vulnerability in Hongdian H8951-4G-Esp Firmware Root user password is hardcoded into the device and cannot be changed in the user interface. | 9.8 |
| 2024-01-12 | CVE-2023-49256 | Use of Hard-coded Credentials vulnerability in Hongdian H8951-4G-Esp Firmware It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. | 7.5 |
| 2024-01-11 | CVE-2023-50124 | Use of Hard-coded Credentials vulnerability in Flient Smart Lock Advanced Firmware 1.0 Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. | 6.8 |
| 2024-01-10 | CVE-2023-48251 | Use of Hard-coded Credentials vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | 9.8 |
| 2024-01-10 | CVE-2023-48250 | Use of Hard-coded Credentials vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | 9.8 |
| 2024-01-09 | CVE-2023-50974 | Use of Hard-coded Credentials vulnerability in Appwrite Command Line Interface In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. | 5.5 |