Total
163 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29825 | 1 Mitsubishielectric | 1 Gx Works3 | 2025-11-07 | 5.6 Medium |
| Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, and MT Works2 versions from 1.100E to 1.200J allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. | ||||
| CVE-2025-12676 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 5.3 Medium |
| The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attackers to create and sync products. | ||||
| CVE-2023-46685 | 3 Level1, Level One, Realtek | 4 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 1 more | 2025-11-04 | 9.8 Critical |
| A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. | ||||
| CVE-2025-44955 | 2 Commscope, Ruckus | 2 Ruckus Network Director, Network Director | 2025-11-03 | 8.8 High |
| RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password. | ||||
| CVE-2025-27638 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. | ||||
| CVE-2014-5405 | 1 Hospira | 1 Mednet | 2025-11-03 | N/A |
| Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | ||||
| CVE-2025-11643 | 2 Furbo, Tomofun | 6 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 3 more | 2025-10-29 | 3.7 Low |
| A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11649 | 2 Furbo, Tomofun | 6 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 3 more | 2025-10-28 | 7 High |
| A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2322 | 1 274056675 | 1 Springboot-openai-chatgpt | 2025-10-24 | 7.3 High |
| A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-47818 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-24 | 2.2 Low |
| Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection. | ||||
| CVE-2025-1100 | 1 Q-free | 1 Maxtime | 2025-10-24 | 9.8 Critical |
| A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH. | ||||
| CVE-2025-47823 | 1 Flocksafety | 1 License Plate Reader Firmware | 2025-10-23 | 2.2 Low |
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system. | ||||
| CVE-2025-47821 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-23 | 2.2 Low |
| Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system. | ||||
| CVE-2025-61330 | 1 H3c | 1 Magic | 2025-10-21 | 6.5 Medium |
| A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password at all. Some of these devices have the Telnet service enabled by default, or users can choose to enable the Telnet service in other device management interfaces (e.g. /debug.asp or /debug_telnet.asp). In addition, these devices have related interfaces called Virtual Servers, which can map the devices to the public network, posing the risk of remote attacks. Therefore, attackers can obtain the highest root privileges of the devices through the Telnet service using the weak password hardcoded in the firmware (or without a password), and remote attacks are possible. | ||||
| CVE-2025-9806 | 1 Tenda | 2 F1202, Fh1202 Firmware | 2025-10-21 | 1.9 Low |
| A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-11666 | 1 Tenda | 1 Rp3 Pro | 2025-10-21 | 6.7 Medium |
| A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used. | ||||
| CVE-2025-20286 | 4 Amazon, Cisco, Microsoft and 1 more | 4 Amazon Web Services, Identity Services Engine, Azure and 1 more | 2025-10-15 | 9.9 Critical |
| A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. | ||||
| CVE-2025-2402 | 1 Knime | 1 Business Hub | 2025-10-08 | 8.6 High |
| A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later | ||||
| CVE-2025-11284 | 1 Zytec Dalian Zhuoyun Technology | 1 Central Authentication Service | 2025-10-07 | 7.3 High |
| A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-4996 | 2025-10-07 | 9.8 Critical | ||
| Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0. | ||||