Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-15 | CVE-2023-48392 | Use of Hard-coded Credentials vulnerability in Kaifa Webitr Attendance System 2.1.0.23 Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. | 9.8 |
2023-12-15 | CVE-2023-48388 | Use of Hard-coded Credentials vulnerability in Multisuns Easylog Web+ Firmware 1.13.2.8 Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. | 9.8 |
2023-12-15 | CVE-2023-48374 | Use of Hard-coded Credentials vulnerability in Csharp CWS Collaborative Development Platform 10.25 SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. | 6.5 |
2023-12-12 | CVE-2023-36647 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | 7.5 |
2023-12-12 | CVE-2023-36651 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | 7.2 |
2023-12-07 | CVE-2023-33413 | Use of Hard-coded Credentials vulnerability in Supermicro products The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | 8.8 |
2023-12-07 | CVE-2023-40300 | Use of Hard-coded Credentials vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0 NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | 9.8 |
2023-12-07 | CVE-2023-39169 | Use of Hard-coded Credentials vulnerability in Enbw Senec Storage BOX Firmware The affected devices use publicly available default credentials with administrative privileges. | 9.8 |
2023-12-05 | CVE-2023-6448 | Use of Hard-coded Credentials vulnerability in Unitronics products Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. | 9.8 |
2023-12-04 | CVE-2023-40463 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | 7.2 |