CWE-798

Total CVEs: 456
Critical: 262
High: 146
Avg CVSS: 8.8
In CISA KEV: 1

Yearly Trend

2026: 24
2025: 100
2024: 97
2023: 66
2022: 69

Top Affected Vendors

1. IBM: 20
2. FiberHome: 15
3. D-Link: 14
4. TOTOLINK: 7
5. Siemens: 6
6. Schneider Electric: 6
7. Cisco: 5
8. SolarWinds: 5
9. Fortinet: 4
10. Tenda: 4

All CWE-798 CVEs (456)

CVE-2024-4844
7.5

This vulnerability allows attackers with administrative privileges on the Trellix ePolicy Orchestrator server to access the database encryption key by...

May 16, 2024
CVE-2024-3544
7.5

Unauthenticated attackers on the same network can use SSH private keys to perform actions on LoadMaster HA/Cluster machines by knowing their IP addres...

May 2, 2024
CVE-2024-29966
7.5

CVE-2024-29966 is a vulnerability in Brocade SANnav OVA appliances where hard-coded root credentials are documented, allowing unauthenticated attacker...

Apr 19, 2024
CVE-2024-25731
7.5

The Elink Smart eSmartCam Android app version 2.1.5 contains hardcoded AES encryption keys in its binary, allowing attackers who can intercept network...

Mar 5, 2024
CVE-2023-4539
7.5

This vulnerability allows attackers to access sensitive data in Comarch ERP XL databases using a hard-coded password that's identical across all insta...

Feb 15, 2024
CVE-2023-37608
7.5

CVE-2023-37608 is a hardcoded credential vulnerability in Automatic Systems SOC FL9600 FirstLane devices that allows remote attackers to gain super ad...

Jan 3, 2024
CVE-2023-36647
7.5

CVE-2023-36647 is a critical authentication bypass vulnerability in ProLion CryptoSpike where a hard-coded private key allows attackers to forge JWT t...

Dec 12, 2023
CVE-2023-48053
7.5

Archery v1.10.0 uses predictable initialization vectors (IVs) for AES-CBC encryption, allowing attackers to decrypt sensitive data without the encrypt...

Nov 16, 2023
CVE-2023-48055
7.5

SuperAGI v0.0.13 uses a hardcoded encryption key, making all encrypted data vulnerable to decryption by attackers. This affects anyone using this vers...

Nov 16, 2023
CVE-2023-5318
7.5

CVE-2023-5318 involves hard-coded credentials in Microweber CMS versions before 2.0, allowing attackers to gain unauthorized access to affected system...

Sep 30, 2023
CVE-2023-22957
7.5

This vulnerability allows attackers with access to backup or configuration files to decrypt sensitive information using a hard-coded cryptographic key...

Aug 11, 2023
CVE-2023-38433
7.5

Fujitsu Real-time Video Transmission Gear 'IP series' devices contain hard-coded credentials that allow remote unauthenticated attackers to initialize...

Jul 26, 2023
CVE-2022-41399
7.5

Sage 300's optional Web Screens feature uses a hard-coded encryption key to protect database credentials, allowing attackers who can access the config...

Apr 28, 2023
CVE-2022-37255
7.5

This vulnerability allows unauthorized access to the RTSP video feed of TP-Link Tapo C310 cameras by using hardcoded credentials (User: ---, Password:...

Apr 16, 2023
CVE-2021-22644
7.5

This vulnerability involves Ovarro TBox TWinSoft software using a hardcoded user account 'TWinSoft' with a static, predictable key. Attackers can expl...

Jul 28, 2022
CVE-2022-34906
7.5

FileWave versions before 14.6.3 and 14.7.x before 14.7.2 use a hard-coded cryptographic key, allowing unauthenticated attackers to decrypt sensitive i...

Jul 25, 2022
CVE-2022-35287
7.5

IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials that could allow attackers to authenticate to the system, communicate wit...

Jul 25, 2022
CVE-2022-28371
7.5

This vulnerability allows attackers to bypass authentication on Verizon 5G Home LVSKIHP devices by extracting static certificates embedded in the firm...

Jul 14, 2022
CVE-2020-4157
7.5

IBM QRadar Network Security versions 5.4.0 and 5.5.0 contain hard-coded credentials that could allow attackers to authenticate to the system, communic...

Jul 12, 2022
CVE-2022-23942
7.5

CVE-2022-23942 is a vulnerability in Apache Doris where hardcoded cryptographic keys and initialization vectors (IVs) were used for encrypting LDAP pa...

Apr 26, 2022
CVE-2022-26660
7.5

RunAsSpc 4.0 uses a hardcoded encryption key that can be recovered by attackers. This allows anyone with access to encrypted credential files to decry...

Mar 16, 2022
CVE-2021-46247
7.5

CVE-2021-46247 is a hard-coded cryptographic key vulnerability in ASUS CMAX6000 routers that allows attackers to decrypt encrypted data. This affects ...

Feb 17, 2022
CVE-2022-22722
7.5

CVE-2022-22722 is a hard-coded SSH cryptographic key vulnerability in Schneider Electric Easergy P5 protection relays. Attackers who obtain the key an...

Feb 4, 2022
CVE-2021-45458
7.5

Apache Kylin's PasswordPlaceholderConfigurer uses hardcoded encryption keys and initialization vectors, making encrypted passwords easily decryptable ...

Jan 6, 2022
CVE-2021-26108
7.5

This vulnerability involves hard-coded cryptographic keys in FortiOS SSLVPN that could be extracted through reverse engineering. Attackers could poten...

Dec 8, 2021
CVE-2021-41828
7.5

Zoho ManageEngine Remote Access Plus versions before 10.1.2121.1 contain hardcoded credentials in resetPWD.xml, allowing attackers to bypass authentic...

Sep 30, 2021
CVE-2021-33484
7.5

This vulnerability in OnyakTech Comments Pro 3.8 allows attackers to spoof user identities in comment systems. By decompiling the installer to discove...

Sep 7, 2021
CVE-2021-20748
7.5

This vulnerability involves hard-coded API keys in the Retty mobile app, allowing attackers to extract credentials for external services by analyzing ...

Jul 14, 2021
CVE-2021-30165
7.5

EDIMAX wireless network cameras have a hard-coded default administrator account and password in their firmware. Remote attackers can extract these cre...

Apr 27, 2021
CVE-2020-14099
7.5

This vulnerability in Xiaomi routers allows attackers to decrypt backup files containing sensitive user information like passwords due to hard-coded e...

Apr 8, 2021
CVE-2020-28952
7.5

Athom Homey and Homey Pro devices use a static, well-known ZigBee network key instead of generating unique keys, allowing attackers to decrypt and pot...

Mar 9, 2021
CVE-2021-20442
7.5

IBM Security Verify Bridge contains hard-coded credentials that could allow attackers to authenticate to the system, communicate with external compone...

Mar 3, 2021
CVE-2020-35296
7.5

ThinkAdmin v6 has hardcoded default administrator credentials that allow attackers to gain full administrative dashboard access. This affects all inst...

Mar 3, 2021
CVE-2025-1724
7.4

This vulnerability allows attackers to take over AD-only accounts in Zoho Analytics products due to a hardcoded sensitive token. It affects on-premise...

Mar 17, 2025
CVE-2024-27170
7.4

Toshiba printers store WebDAV access credentials in readable files, allowing attackers to gain full WebDAV access to affected printers. This affects a...

Jun 14, 2024
CVE-2023-26219
7.4

This vulnerability in TIBCO Hawk components allows attackers with access to log files to extract credentials used for EMS server authentication. Affec...

Oct 25, 2023
CVE-2023-45226
7.4

CVE-2023-45226 involves hardcoded credentials in F5 BIG-IP SPK TMM debug containers that could allow attackers to impersonate SSH servers when SSH deb...

Oct 10, 2023
CVE-2023-37426
7.4

EdgeConnect SD-WAN Orchestrator instances use shared static SSH host keys across all installations, allowing attackers to spoof legitimate Orchestrato...

Aug 22, 2023
CVE-2022-31460
7.4

This vulnerability allows attackers to activate tethering mode on Meeting Owl devices using hard-coded credentials, potentially enabling unauthorized ...

Jun 2, 2022
CVE-2025-64778
7.3

NMIS/BioDose software versions V22.02 and earlier contain hard-coded plain text passwords in executable binaries, allowing attackers to bypass authent...

Dec 2, 2025
CVE-2025-32889
7.3

This vulnerability allows attackers to send SMS messages through goTenna servers without authorization by using a hardcoded verification token in the ...

May 1, 2025
CVE-2024-8893
7.3

The GoodWe GW1500-XS inverter contains hard-coded Wi-Fi credentials that allow anyone within physical proximity to connect to the device's Wi-Fi netwo...

Feb 14, 2025
CVE-2024-8005
7.3

CVE-2024-8005 is a critical authentication bypass vulnerability in demozx gf_cms versions 1.0 and 1.0.1 that allows attackers to gain unauthorized acc...

Aug 20, 2024
CVE-2024-29063
7.3

CVE-2024-29063 is an information disclosure vulnerability in Azure AI Search that could allow unauthorized access to sensitive data. This affects Azur...

Apr 9, 2024
CVE-2022-26672
7.3

ASUS WebStorage contains a hardcoded API token in its source code, allowing unauthenticated remote attackers to connect to the server and attempt logi...

Apr 22, 2022
CVE-2022-26671
7.3

Taiwan Secom Dr.ID Access Control system's login page contains hard-coded credentials in source code, allowing unauthenticated remote attackers to acc...

Apr 7, 2022
CVE-2021-33540
7.3

This vulnerability involves undocumented password-protected FTP access to the root directory in certain Phoenix Contact AXL F BK and IL BK devices. At...

Jun 25, 2021
CVE-2021-31477
7.3

This vulnerability allows remote attackers to execute arbitrary code on GE Reason RPV311 14A03 devices without authentication. The firmware contains h...

Jun 16, 2021
CVE-2023-36651
7.2

CVE-2023-36651 is a critical authentication bypass vulnerability in ProLion CryptoSpike 3.0.15P2 where hard-coded super-admin credentials allow remote...

Dec 12, 2023
CVE-2023-31808
7.2

Technicolor TG670 10.5.N.9 devices contain hard-coded administrative credentials that allow remote attackers to gain full control over the device when...

Sep 19, 2023

About CWE-798

Our database tracks 456 CVEs classified as CWE-798, with 262 rated critical and 146 rated high severity. The average CVSS score for CWE-798 vulnerabilities is 8.8.
