CVE Daily
← All tags

Tag: Hardcoded Credentials

All CVEs associated with "Hardcoded Credentials". Page 1/1 • 30 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-18
Medium

CVE-2025-33100

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to extern…

CVSS: 6.2 CWE: CWE-798
Read more
2025-08-17
Low

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials.…

CVSS: 2.5 CWE: CWE-259
Read more
2025-08-14
Low

CVE-2025-8974

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHe…

CVSS: 3.7 CWE: CWE-259
Read more
2025-08-08
Critical

CVE-2025-8730

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulati…

CVSS: 9.8 CWE: CWE-259
Read more
2025-08-06
Critical

CVE-2025-7768

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privile…

CVSS: 9.3 CWE: CWE-798
Read more
2025-08-04
High

CVE-2025-44955

RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.

CVSS: 8.8 CWE: CWE-259
Read more
2025-07-30
Low

CVE-2025-36609

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabili…

CVSS: 2.5 CWE: CWE-259
Read more
2025-07-27
Medium

CVE-2025-8231

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipul…

CVSS: 6.8 CWE: CWE-259
Read more
2025-07-24
High

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.

CVSS: 7.1 CWE: CWE-798
Read more
2025-07-23
Critical

CVE-2025-54455

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVSS: 9.1 CWE: CWE-798
Read more
Critical

CVE-2025-54454

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVSS: 9.1 CWE: CWE-798
Read more
2025-07-21
Medium

CVE-2025-46118

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser accoun…

CVSS: 5.3 CWE: CWE-284
Read more
High

CVE-2025-4130

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025.

CVSS: 7.5 CWE: CWE-798
Read more
2025-07-16
Medium

CVE-2025-6982

Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), allows attackers to decrypt the config.xml files.

CVSS: 6.9 CWE: CWE-798
Read more
Medium

CVE-2025-53842

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of…

CVSS: 4.5 CWE: CWE-798
Read more
2025-07-15
Critical

CVE-2025-52376

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet…

CVSS: 9.8 CWE: CWE-287
Read more
Critical

CVE-2025-3621

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Ele…

CVSS: 9.6 CWE: CWE-77
Read more
2025-07-14
Low

CVE-2025-7577

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded…

CVSS: 3.7 CWE: CWE-255
Read more
High

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the…

CVSS: 7.8 CWE: CWE-259
Read more
2025-07-11
Low

CVE-2025-7453

A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the comp…

CVSS: 3.7 CWE: CWE-255
Read more
2025-07-10
High

CVE-2025-5023

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within t…

CVSS: 7.1 CWE: CWE-798
Read more
2025-06-30
Low

CVE-2025-6932

A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password…

CVSS: 3.7 CWE: CWE-255
Read more
2025-06-06
Medium

CVE-2025-5751

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected inst…

CVSS: 6.8 CWE: CWE-798
Read more
2025-03-20
Critical

CVE-2025-2538

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative…

CVSS: 9.8 CWE: CWE-798
Read more
Critical

CVE-2024-8551

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write…

CVSS: 9.1 CWE: CWE-23
Read more
2025-03-17
High

CVE-2024-48831

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability,…

CVSS: 8.4 CWE: CWE-259
Read more
Medium

CVE-2021-22126

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to co…

CVSS: 6.7 CWE: CWE-284
Read more
2024-05-15
Critical

CVE-2024-32053

Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services…

CVSS: 9.8 CWE: CWE-798
Read more
Critical

CVE-2024-32047

Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.

CVSS: 9.8 CWE: CWE-489
Read more
2024-05-03
Critical

CVE-2023-44411

D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-…

CVSS: 9.8 CWE: CWE-798
Read more