CWE-798
All CWE-798 CVEs (451)
Dell RecoverPoint for Virtual Machines versions before 6.0.3.1 HF1 contain hardcoded credentials that allow unauthenticated remote attackers to gain r... (Feb 17, 2026)
SQL Anywhere Monitor (Non-GUI) contains hardcoded credentials that allow attackers to bypass authentication and execute arbitrary code. This affects a... (Nov 11, 2025)
This critical vulnerability allows unauthenticated remote attackers to log into Cisco Unified Communications Manager systems using static root credent... (Jul 2, 2025)
Netwrix Directory Manager (formerly Imanami GroupID) versions through 10.0.7784.0 contain a hard-coded password vulnerability. This allows attackers t... (May 29, 2025)
This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote attackers to upload arbitrary files and execute com... (May 7, 2025)
SENTRON 7KT PAC1260 Data Manager devices contain hardcoded root credentials that allow unauthenticated remote attackers to gain full system access whe... (Apr 8, 2025)
This vulnerability allows unauthenticated attackers to access PostgreSQL databases in Versa Director installations due to default weak credentials and... (Nov 19, 2024)
Qognify NiceVision versions 3.1 and prior contain hard-coded credentials that allow attackers to access sensitive information and modify database reco... (Oct 5, 2023)
CVE-2021-40422 is an authentication bypass vulnerability in Swift Sensors Gateway SG3-1010 that allows remote attackers to execute arbitrary code with... (Apr 14, 2022)
Airangel HSMX Gateway devices through version 5.2.04 contain hard-coded database credentials, allowing attackers to gain unauthorized access to the de... (Nov 10, 2021)
This vulnerability involves hard-coded credentials in Juniper Junos OS on NFX Series devices, allowing attackers to take over any NFX deployment insta... (Apr 22, 2021)
This CVE involves hard-coded credentials in Bosch FSM server databases, allowing unauthenticated remote attackers to gain admin access. This can lead ... (Jan 26, 2021)
Binardat 10G08-0800GSM network switches contain hard-coded administrative credentials that cannot be changed, allowing attackers with knowledge of the... (Feb 24, 2026)
CVE-2026-23647 allows attackers to remotely authenticate to Glory RBG-100 recycler systems using hard-coded Linux credentials, including administrativ... (Feb 17, 2026)
CVE-2026-26218 allows unauthenticated attackers to gain administrative control of newbee-mall applications by using predictable default passwords on p... (Feb 12, 2026)
3DP-MANAGER versions 2.0.1 and earlier automatically create an administrative account with default credentials (admin/admin) on first initialization. ... (Feb 6, 2026)
FUXA v1.2.7 contains a hard-coded JWT secret key that allows attackers to forge valid authentication tokens. This enables complete authentication bypa... (Feb 3, 2026)
MagicINFO 9 Server versions below 21.1090.1 contain hardcoded database credentials, allowing attackers to authenticate and manipulate the database. Th... (Feb 2, 2026)
CVE-2023-53983 allows attackers to gain full administrative control of Anevia Flamingo XL/XS devices by exploiting weak default credentials. This affe... (Dec 30, 2025)
SOUND4 IMPACT/FIRST/PULSE/Eco devices versions 2.x and below contain hardcoded credentials in server binaries that cannot be changed through normal op... (Dec 30, 2025)
ClipBucket 5.5.2 ships with hardcoded default administrative credentials, allowing unauthenticated remote attackers to gain full administrative contro... (Dec 22, 2025)
CVE-2025-56157 exposes Dify installations to unauthorized database access through hardcoded PostgreSQL credentials in docker-compose.yaml. Attackers c... (Dec 18, 2025)
The Growatt ShineLan-X communication dongle contains an undocumented backup account with hardcoded credentials, creating a backdoor that allows attack... (Dec 13, 2025)
CVE-2025-36747 is a critical vulnerability in ShineLan-X firmware where hardcoded FTP credentials allow attackers to establish insecure connections. T... (Dec 13, 2025)
This vulnerability in Gladinet CentreStack and Triofox involves hardcoded AES encryption keys, allowing attackers to decrypt sensitive data and potent... (Dec 12, 2025)
The Meatmeet Pro device contains hardcoded Wi-Fi credentials in its firmware, allowing attackers to gain unauthorized access to the vendor's Wi-Fi net... (Dec 10, 2025)
ALLNET ALL-RUT22GW routers contain hardcoded credentials in the libicos.so library, allowing attackers to gain unauthorized access to the device. This... (Dec 4, 2025)
The Felan Framework WordPress plugin contains hardcoded passwords in social login functions, allowing unauthenticated attackers to log in as any user ... (Oct 16, 2025)
This vulnerability allows attackers who obtain the hardcoded SSH private key to impersonate any managed IoT/edge device in AiKaan Cloud Controller env... (Sep 22, 2025)
Vasion Print (formerly PrinterLogic) appliances use the same hardcoded SSH host private keys across all installations instead of unique per-appliance ... (Sep 19, 2025)
The BeyondCart Connector WordPress plugin has a critical privilege escalation vulnerability in versions 1.4.2 through 2.1.0. Unauthenticated attackers... (Sep 11, 2025)
This vulnerability allows attackers to access PTZOptics and other ValueHD-based pan-tilt-zoom cameras using default, shared administrative credentials... (Sep 5, 2025)
This vulnerability affects PTZOptics and other ValueHD-based pan-tilt-zoom cameras that use hard-coded default administrative credentials that cannot ... (Sep 5, 2025)
Clinic Image System contains hard-coded administrator credentials in its source code, allowing unauthenticated remote attackers to gain full system ac... (Aug 29, 2025)
OpenAtlas v8.11.0 contains a hardcoded administrator password, allowing attackers to gain full administrative access to the system. This affects all d... (Aug 4, 2025)
Marbella KR8s Dashcam FF 2.0.8 devices ship with a universal default password (12345678) that cannot be changed to a strong password (limited to 8 cha... (Jul 28, 2025)
This vulnerability in the Premium Age Verification WordPress plugin allows unauthenticated attackers to read or write arbitrary files on the server th... (Jul 11, 2025)
CVE-2025-37103 is a critical authentication bypass vulnerability in HPE Networking Instant On Access Points where hard-coded credentials allow attacke... (Jul 8, 2025)
ENENSYS IPGuard v2 2.10.0 contains hardcoded credentials that could allow attackers to gain unauthorized access to the system. This affects all deploy... (Jul 2, 2025)
D-Link DPH-400S/SE VoIP phones contain hardcoded provisioning credentials in their firmware, allowing attackers who obtain the firmware image to extra... (Jun 18, 2025)
OpenC3 COSMOS versions before v6.0.2 contain hardcoded credentials for a Service Account, allowing attackers to gain unauthorized access to the system... (Jun 13, 2025)
The CS5000 Fire Panel contains a hard-coded VNC password that cannot be changed, allowing attackers with knowledge of this password to gain remote adm... (May 30, 2025)
NETSCOUT nGeniusONE versions before 6.4.0 b2350 contain hardcoded credentials within JAR files that can be extracted by attackers. This allows unautho... (Apr 25, 2025)
CVE-2025-46273 is a critical vulnerability in UNI-NMS-Lite network management software where hard-coded administrative credentials allow unauthenticat... (Apr 24, 2025)
A hardcoded credential vulnerability in Esri Portal for ArcGIS versions 11.4 and below allows remote unauthenticated attackers to gain administrative ... (Mar 20, 2025)
This vulnerability allows attackers to gain unauthorized access to G-Net GNET dashcam systems using hardcoded credentials found in the mobile applicat... (Mar 18, 2025)
ROADCAM X3 devices have hardcoded default credentials that cannot be changed by users, allowing attackers to gain unauthorized administrative access. ... (Mar 18, 2025)
The Forvia Hella HELLA Driving Recorder DR 820 dashcam's Android application contains hardcoded credentials that allow unauthorized access to device s... (Mar 18, 2025)
This vulnerability allows unauthenticated remote attackers to gain full administrative control over affected systems using hard-coded credentials. Any... (Mar 5, 2025)
This vulnerability involves hardcoded root passwords in specific TP-Link router firmware versions, allowing attackers to gain administrative access. A... (Feb 26, 2025)
About CWE-798
Our database tracks 451 CVEs classified as CWE-798, with 258 rated critical and 145 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.