Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-50974 Use of Hard-coded Credentials vulnerability in Appwrite Command Line Interface
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions.
local
low complexity
appwrite CWE-798
5.5
2024-01-08 CVE-2023-50948 Use of Hard-coded Credentials vulnerability in IBM Storage Fusion HCI 2.1.0/2.6.1
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2024-01-03 CVE-2023-37608 Use of Hard-coded Credentials vulnerability in Automaticsystems SOC Fl9600 Firstlane Firmware 06
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.
network
low complexity
automaticsystems CWE-798
7.5
2023-12-28 CVE-2023-49228 Use of Hard-coded Credentials vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
high complexity
peplink CWE-798
6.4
2023-12-27 CVE-2023-46918 Use of Hard-coded Credentials vulnerability in Fedirtsapana Simple Http Server Plus 1.8.1Plus
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true.
low complexity
fedirtsapana CWE-798
4.6
2023-12-27 CVE-2023-46919 Use of Hard-coded Credentials vulnerability in Fedirtsapana Simple Http Server and Simple Http Server Plus
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key.
local
high complexity
fedirtsapana CWE-798
6.3
2023-12-26 CVE-2023-46711 Use of Hard-coded Credentials vulnerability in Buffalo Vr-S1000 Firmware
VR-S1000 firmware Ver.
low complexity
buffalo CWE-798
4.6
2023-12-25 CVE-2023-40236 Use of Hard-coded Credentials vulnerability in Pexip Virtual Meeting Rooms
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
network
high complexity
pexip CWE-798
5.3
2023-12-19 CVE-2023-43870 Use of Hard-coded Credentials vulnerability in Paxton-Access Net2 6.02/6.07
When installing the Net2 software a root certificate is installed into the trusted store.
network
low complexity
paxton-access CWE-798
critical
9.8
2023-12-15 CVE-2023-48374 Use of Hard-coded Credentials vulnerability in Csharp CWS Collaborative Development Platform 10.25
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege.
network
low complexity
csharp CWE-798
6.5