Total
1270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21652 | 1 Qualcomm | 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more | 2024-04-12 | N/A | 7.1 HIGH |
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | |||||
CVE-2024-31873 | 2024-04-10 | N/A | 7.5 HIGH | ||
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | |||||
CVE-2024-29063 | 2024-04-10 | N/A | 7.3 HIGH | ||
Azure AI Search Information Disclosure Vulnerability | |||||
CVE-2018-7241 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-04-10 | 10.0 HIGH | 9.8 CRITICAL |
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | |||||
CVE-2024-3130 | 2024-04-01 | N/A | 5.7 MEDIUM | ||
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app | |||||
CVE-2024-2161 | 2024-03-21 | N/A | 9.8 CRITICAL | ||
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . | |||||
CVE-2024-28194 | 2024-03-14 | N/A | 9.1 CRITICAL | ||
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-38995 | 1 Schuhfried | 1 Schuhfried | 2024-03-05 | N/A | 9.8 CRITICAL |
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. | |||||
CVE-2023-5456 | 2024-03-05 | N/A | 8.1 HIGH | ||
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | |||||
CVE-2024-23687 | 1 Openlibraryfoundation | 1 Mod-data-export-spring | 2024-02-28 | N/A | 9.1 CRITICAL |
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | |||||
CVE-2024-22770 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
CVE-2024-23842 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
CVE-2023-51840 | 1 Html-js | 1 Doracms | 2024-02-28 | N/A | 9.8 CRITICAL |
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | |||||
CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-02-28 | N/A | 9.8 CRITICAL |
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||
CVE-2023-48053 | 1 Archerydms | 1 Archery | 2024-02-28 | N/A | 7.5 HIGH |
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | |||||
CVE-2023-39169 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
The affected devices use publicly available default credentials with administrative privileges. | |||||
CVE-2023-47315 | 1 H-mdm | 1 Headwind Mdm | 2024-02-28 | N/A | 8.8 HIGH |
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens. | |||||
CVE-2024-22768 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
CVE-2024-23453 | 1 Spooncast | 1 Spoon | 2024-02-28 | N/A | 5.5 MEDIUM |
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. | |||||
CVE-2023-6255 | 2024-02-28 | N/A | 7.5 HIGH | ||
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8. |