Total
1530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34462 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8.4 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | ||||
| CVE-2022-34442 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | ||||
| CVE-2022-34440 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8.4 High |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | ||||
| CVE-2023-32145 | 2 D-link, Dlink | 5 Dap-1360, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-18455. | ||||
| CVE-2023-38995 | 1 Schuhfried | 1 Schuhfried | 2025-05-15 | 9.8 Critical |
| An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | ||||
| CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2025-05-15 | 5.9 Medium |
| The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | ||||
| CVE-2023-35724 | 1 Dlink | 2 Dap-2622, Dap-2622 Firmware | 2025-05-13 | 8.8 High |
| D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050. | ||||
| CVE-2023-6409 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2025-05-12 | 7.7 High |
| CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | ||||
| CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2025-05-10 | 9.8 Critical |
| go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | ||||
| CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2025-05-09 | 9.8 Critical |
| A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | ||||
| CVE-2022-42176 | 1 Pctechsoft | 1 Pcsecure | 2025-05-08 | 7.8 High |
| In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | ||||
| CVE-2025-4041 | 2025-05-07 | N/A | ||
| In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. | ||||
| CVE-2022-38117 | 1 Juiker | 1 Juiker | 2025-05-07 | 5.5 Medium |
| Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. | ||||
| CVE-2021-4228 | 1 Lannerinc | 2 Iac-ast2500, Iac-ast2500 Firmware | 2025-05-05 | 5.8 Medium |
| Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | ||||
| CVE-2024-29063 | 1 Microsoft | 1 Azure Ai Search | 2025-05-03 | 7.3 High |
| Azure AI Search Information Disclosure Vulnerability | ||||
| CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2025-05-02 | 7.8 High |
| Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | ||||
| CVE-2025-23179 | 2025-05-02 | 5.5 Medium | ||
| CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2021-34577 | 1 Kadenvodomery | 2 Picoflux Air, Picoflux Air Firmware | 2025-05-01 | 6.5 Medium |
| In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | ||||
| CVE-2024-40410 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | 4.8 Medium |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. | ||||
| CVE-2022-40263 | 1 Bd | 2 Totalys Multiprocessor, Totalys Multiprocessor Firmware | 2025-04-30 | 6.6 Medium |
| BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. | ||||