Total
1270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21524 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2024-05-29 | N/A | 6.5 MEDIUM |
| PowerShell Information Disclosure Vulnerability | |||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-05-17 | 1.0 LOW | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | |||||
| CVE-2023-0808 | 3 Bosswerk, Deyeinverter, Revolt-power | 6 Inverter, Inverter Firmware, Inverter and 3 more | 2024-05-17 | 3.7 LOW | 6.8 MEDIUM |
| A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. | |||||
| CVE-2022-4611 | 1 Clickstudios | 1 Passwordstate | 2024-05-17 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability. | |||||
| CVE-2014-125030 | 1 Empress Project | 1 Empress | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-4844 | 2024-05-16 | N/A | 7.5 HIGH | ||
| Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on. | |||||
| CVE-2024-32053 | 2024-05-16 | N/A | 9.8 CRITICAL | ||
| Hard-coded credentials are used by theĀ CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application. | |||||
| CVE-2024-27107 | 2024-05-14 | N/A | 9.6 CRITICAL | ||
| Weak account password in GE HealthCare EchoPAC products | |||||
| CVE-2024-32740 | 2024-05-14 | N/A | 9.8 CRITICAL | ||
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network. | |||||
| CVE-2024-23473 | 2024-05-14 | N/A | 8.6 HIGH | ||
| The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
| CVE-2023-34284 | 2024-05-03 | N/A | 6.3 MEDIUM | ||
| NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660. | |||||
| CVE-2023-39458 | 2024-05-03 | N/A | 5.3 MEDIUM | ||
| Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509. | |||||
| CVE-2023-44411 | 2024-05-03 | N/A | 9.8 CRITICAL | ||
| D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553. | |||||
| CVE-2023-51588 | 2024-05-03 | N/A | 7.8 HIGH | ||
| Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075. | |||||
| CVE-2024-3544 | 2024-05-02 | N/A | 7.5 HIGH | ||
| Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. | |||||
| CVE-2024-29963 | 2024-04-26 | N/A | 1.9 LOW | ||
| Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. | |||||
| CVE-2024-29960 | 2024-04-26 | N/A | 6.8 MEDIUM | ||
| In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. | |||||
| CVE-2024-29966 | 2024-04-19 | N/A | 7.5 HIGH | ||
| Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance. | |||||