Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-19 | CVE-2024-29966 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. | 9.8 |
| 2024-04-19 | CVE-2024-29960 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. | 7.5 |
| 2024-04-19 | CVE-2024-29963 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. | 3.8 |
| 2024-04-17 | CVE-2024-21990 | Use of Hard-coded Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | 9.8 |
| 2024-03-18 | CVE-2024-27774 | Use of Hard-coded Credentials vulnerability in Unitronics Unilogic Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | 6.5 |
| 2024-03-13 | CVE-2023-38535 | Use of Hard-coded Credentials vulnerability in Opentext Exceed Turbox 12.5.0/12.5.1 Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. | 9.8 |
| 2024-03-13 | CVE-2024-28194 | Use of Hard-coded Credentials vulnerability in Yooooomi Your Spotify your_spotify is an open source, self hosted Spotify tracking dashboard. | 9.8 |
| 2024-03-05 | CVE-2023-5456 | Use of Hard-coded Credentials vulnerability in Ailux Imx6 A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. | 9.8 |
| 2024-03-05 | CVE-2024-25731 | Use of Hard-coded Credentials vulnerability in Elinksmart Esmartcam 2.1.5 The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. | 7.5 |
| 2024-02-23 | CVE-2024-24681 | Use of Hard-coded Credentials vulnerability in Yealink Configuration Encryption Tool An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). | 9.8 |