Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-13 | CVE-2024-28194 | Use of Hard-coded Credentials vulnerability in Yooooomi Your Spotify your_spotify is an open source, self hosted Spotify tracking dashboard. | 9.8 |
| 2024-03-05 | CVE-2024-25731 | Use of Hard-coded Credentials vulnerability in Elinksmart Esmartcam 2.1.5 The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. | 7.5 |
| 2024-02-23 | CVE-2024-24681 | Use of Hard-coded Credentials vulnerability in Yealink Configuration Encryption Tool An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). | 9.8 |
| 2024-02-15 | CVE-2024-0390 | Use of Hard-coded Credentials vulnerability in Inprax Izzi Connect INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. | 9.8 |
| 2024-02-15 | CVE-2023-4539 | Use of Hard-coded Credentials vulnerability in Comarch ERP XL Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. | 7.5 |
| 2024-02-07 | CVE-2023-38995 | Use of Hard-coded Credentials vulnerability in Schuhfried 8.22.00 An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | 9.8 |
| 2024-02-06 | CVE-2024-22853 | Use of Hard-coded Credentials vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03 D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | 9.8 |
| 2024-02-02 | CVE-2024-21764 | Use of Hard-coded Credentials vulnerability in Rapidscada Rapid Scada In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | 9.8 |
| 2024-02-01 | CVE-2023-46706 | Use of Hard-coded Credentials vulnerability in Machinesense Feverwarn Firmware Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | 9.8 |
| 2024-01-30 | CVE-2024-24324 | Use of Hard-coded Credentials vulnerability in Totolink A8000Ru Firmware 7.1Cu.643B20200521 TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | 9.8 |