Vulnerabilities (CVE)

Filtered by CWE-798
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-21652 1 Qualcomm 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more 2024-04-12 N/A 7.1 HIGH
Cryptographic issue in HLOS, as derived keys used to encrypt/decrypt information are present on the stack after use.
CVE-2024-31873 2024-04-10 N/A 7.5 HIGH
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.
CVE-2024-29063 2024-04-10 N/A 7.3 HIGH
Azure AI Search Information Disclosure Vulnerability
CVE-2018-7241 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-04-10 10.0 HIGH 9.8 CRITICAL
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
CVE-2024-3130 2024-04-01 N/A 5.7 MEDIUM
Hard-coded credentials in the CoolKit eWeLink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling the app.
CVE-2024-2161 2024-03-21 N/A 9.8 CRITICAL
Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in firmware version 2.02.0227.
CVE-2024-28194 2024-03-14 N/A 9.1 CRITICAL
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-38995 1 Schuhfried 1 Schuhfried 2024-03-05 N/A 9.8 CRITICAL
An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command.
CVE-2023-5456 2024-03-05 N/A 8.1 HIGH
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2024-23687 1 Openlibraryfoundation 1 Mod-data-export-spring 2024-02-28 N/A 9.1 CRITICAL
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
CVE-2024-22770 1 Hitron Systems 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware 2024-02-28 N/A 7.5 HIGH
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause a network attack when the default admin ID/PW is in use.
CVE-2024-23842 1 Hitron Systems 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware 2024-02-28 N/A 7.5 HIGH
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause a network attack when the default admin ID/PW is in use.
CVE-2023-51840 1 Html-js 1 Doracms 2024-02-28 N/A 9.8 CRITICAL
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
CVE-2023-50948 1 Ibm 1 Storage Fusion Hci 2024-02-28 N/A 9.8 CRITICAL
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.
CVE-2023-48053 1 Archerydms 1 Archery 2024-02-28 N/A 7.5 HIGH
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
CVE-2023-39169 1 Enbw 2 Senec Storage Box, Senec Storage Box Firmware 2024-02-28 N/A 9.8 CRITICAL
The affected devices use publicly available default credentials with administrative privileges.
CVE-2023-47315 1 H-mdm 1 Headwind Mdm 2024-02-28 N/A 8.8 HIGH
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT secret. The secret is hard-coded into the source code, which is available to anyone on GitHub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.
CVE-2024-22768 1 Hitron Systems 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware 2024-02-28 N/A 7.5 HIGH
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause a network attack when the default admin ID/PW is in use.
CVE-2024-23453 1 Spooncast 1 Spoon 2024-02-28 N/A 5.5 MEDIUM
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
CVE-2023-6255 2024-02-28 N/A 7.5 HIGH
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8.