Search Results (1739 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7358 1 Utarit 1 Soliclub 2026-06-05 7.5 High
Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse. This issue affects SoliClub: before 5.3.7.
CVE-2026-36606 1 Mercusys 1 Ac12g 2026-06-05 7.1 High
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials.
CVE-2026-36616 1 Mercusys 1 Ac12g 2026-06-05 5.9 Medium
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary.
CVE-2026-8876 1 Securly 2 Securly, Securly Chrome Extension 2026-06-05 7.3 High
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
CVE-2026-49204 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 6.5 Medium
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.
CVE-2026-50213 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 7.5 High
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.
CVE-2025-10609 1 Logo Software 1 Tigerwings Erp 2026-06-05 5.9 Medium
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.
CVE-2026-42929 2 Danelec, Macgregor 3 Macgregor Voyage Data Recorder (vdr) G4e, Interschalt Vdr G4e, Interschalt Vdr G4e Firmware 2026-06-04 8.3 High
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVE-2019-25722 1 Draeger 5 Sc6802xl, Sc8000, Sc90000 Xl and 2 more 2026-06-03 7.6 High
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
CVE-2024-0949 1 Talya Informatics 1 Elektraweb 2026-06-03 9.8 Critical
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.
CVE-2020-6990 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2026-06-03 9.8 Critical
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
CVE-2016-5645 1 Rockwellautomation 6 1766-l32awa, 1766-l32awaa, 1766-l32bwa and 3 more 2026-06-03 7.3 High
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community.
CVE-2024-6656 2 Tnb Mobile Solutions, Tnbmobil 2 Cockpit Software, Cockpit 2026-06-03 9.8 Critical
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13.
CVE-2022-34151 1 Omron 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more 2026-06-02 9.4 Critical
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.
CVE-2019-10990 1 Redlion 1 Crimson 2026-06-02 6.5 Medium
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.
CVE-2026-25600 1 Trac 1 Pdbm 2026-06-02 6.4 Medium
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant across installations, any attacker with sufficient local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored password and authenticate as the user defined in the configuration file. In the affected version, this user account is configured with administrative privileges, granting full access to PDBM’s management interface and its underlying operational functions.
CVE-2026-42251 1 Kamsoft 1 Ks-somed 2026-06-02 N/A
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and ANEKSKLIENT.EXE up to 29.00.02.026 Beside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only.
CVE-2017-14728 1 Orpak 1 Siteomat 2026-06-02 9.8 Critical
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public.
CVE-2026-5065 1 Ibm 1 Controller 2026-06-02 8.8 High
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-9334 2026-06-02 8.2 High
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.