Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-17 | CVE-2024-21990 | Use of Hard-coded Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | 9.8 |
2024-03-18 | CVE-2024-27774 | Use of Hard-coded Credentials vulnerability in Unitronics Unilogic Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | 6.5 |
2024-03-13 | CVE-2023-38535 | Use of Hard-coded Credentials vulnerability in Opentext Exceed Turbox 12.5.0/12.5.1 Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. | 9.8 |
2024-03-13 | CVE-2024-28194 | Use of Hard-coded Credentials vulnerability in Yooooomi Your Spotify your_spotify is an open source, self hosted Spotify tracking dashboard. | 9.8 |
2024-03-05 | CVE-2023-5456 | Use of Hard-coded Credentials vulnerability in Ailux Imx6 A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. | 9.8 |
2024-03-05 | CVE-2024-25731 | Use of Hard-coded Credentials vulnerability in Elinksmart Esmartcam 2.1.5 The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. | 7.5 |
2024-02-23 | CVE-2024-24681 | Use of Hard-coded Credentials vulnerability in Yealink Configuration Encryption Tool An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). | 9.8 |
2024-02-15 | CVE-2024-0390 | Use of Hard-coded Credentials vulnerability in Inprax Izzi Connect INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. | 9.8 |
2024-02-15 | CVE-2023-4539 | Use of Hard-coded Credentials vulnerability in Comarch ERP XL Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. | 7.5 |
2024-02-07 | CVE-2023-38995 | Use of Hard-coded Credentials vulnerability in Schuhfried 8.22.00 An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | 9.8 |