Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2024-04-17 CVE-2024-21990 Use of Hard-coded Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.
network
low complexity
netapp CWE-798
critical
9.8
2024-03-18 CVE-2024-27774 Use of Hard-coded Credentials vulnerability in Unitronics Unilogic
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
network
low complexity
unitronics CWE-798
6.5
2024-03-13 CVE-2023-38535 Use of Hard-coded Credentials vulnerability in Opentext Exceed Turbox 12.5.0/12.5.1
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2.
network
low complexity
opentext CWE-798
critical
9.8
2024-03-13 CVE-2024-28194 Use of Hard-coded Credentials vulnerability in Yooooomi Your Spotify
your_spotify is an open source, self hosted Spotify tracking dashboard.
network
low complexity
yooooomi CWE-798
critical
9.8
2024-03-05 CVE-2023-5456 Use of Hard-coded Credentials vulnerability in Ailux Imx6
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application.
network
low complexity
ailux CWE-798
critical
9.8
2024-03-05 CVE-2024-25731 Use of Hard-coded Credentials vulnerability in Elinksmart Esmartcam 2.1.5
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file.
high complexity
elinksmart CWE-798
7.5
2024-02-23 CVE-2024-24681 Use of Hard-coded Credentials vulnerability in Yealink Configuration Encryption Tool
An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2).
network
low complexity
yealink CWE-798
critical
9.8
2024-02-15 CVE-2024-0390 Use of Hard-coded Credentials vulnerability in Inprax Izzi Connect
INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials.
network
low complexity
inprax CWE-798
critical
9.8
2024-02-15 CVE-2023-4539 Use of Hard-coded Credentials vulnerability in Comarch ERP XL
Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database.
network
low complexity
comarch CWE-798
7.5
2024-02-07 CVE-2023-38995 Use of Hard-coded Credentials vulnerability in Schuhfried 8.22.00
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
network
low complexity
schuhfried CWE-798
critical
9.8