Total: 1663 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47796 | 1 Denver | 1 Smart Wifi Camera | 2026-04-15 | 9.8 Critical |
| Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system. | ||||
| CVE-2025-37111 | 1 Hpe | 1 Telco Network Function Virtual Orchestrator | 2026-04-15 | 6 Medium |
| A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful exploitation could lead to unauthorized parties gaining access to sensitive system information. | ||||
| CVE-2023-49223 | 1 Precor | 3 P62, P80, P82 | 2026-04-15 | 8.8 High |
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. | ||||
| CVE-2025-48491 | | | 2026-04-15 | N/A |
| Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version. | ||||
| CVE-2014-125115 | 3 Artica, Pandora Fms, Pandorafms | 3 Pandora Fms, Pandora Fms, Pandora Fms | 2026-04-15 | N/A |
| An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted requests. This occurs because input is directly concatenated into an SQL query without adequate validation, enabling SQL injection. After authentication is bypassed, a second vulnerability in the File Manager component permits arbitrary PHP file uploads. The file upload functionality does not enforce MIME-type or file extension restrictions, allowing authenticated users to upload web shells into a publicly accessible directory and achieve remote code execution. | ||||
| CVE-2023-49222 | | | 2026-04-15 | 8.8 High |
| Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | ||||
| CVE-2020-37092 | 1 Netis-systems | 1 Netis E1+ | 2026-04-15 | 7.5 High |
| Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device. | ||||
| CVE-2023-6198 | | | 2026-04-15 | 9.3 Critical |
| Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | ||||
| CVE-2023-49221 | | | 2026-04-15 | 7.8 High |
| Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. | ||||
| CVE-2025-4569 | 1 Asus | 1 Myasus | 2026-04-15 | N/A |
| An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-2394 | | | 2026-04-15 | N/A |
| Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. | ||||
| CVE-2025-8570 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity. | ||||
| CVE-2023-52723 | 1 Kde | 1 Libksieve | 2026-04-15 | 7.1 High |
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | ||||
| CVE-2025-1393 | | | 2026-04-15 | 9.8 Critical |
| An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product. | ||||
| CVE-2024-39208 | 1 Luciapplucky | 1 Luci-app-lucky | 2026-04-15 | 9.8 Critical |
| luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. | ||||
| CVE-2025-4378 | | | 2026-04-15 | 10 Critical |
| Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025. | ||||
| CVE-2025-43982 | | | 2026-04-15 | 9.8 Critical |
| Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. | ||||
| CVE-2025-30118 | | | 2026-04-15 | 7.5 High |
| An issue was discovered on the Audi Universal Traffic Recorder 2.88. It is susceptible to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks. | ||||
| CVE-2024-2161 | | | 2026-04-15 | 9.8 Critical |
| Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227. | ||||
| CVE-2025-4049 | | | 2026-04-15 | N/A |
| Use of hard-coded SQLite credentials, the same among all vulnerable installations, in SIGNUM-NET FARA allows reading and manipulating the locally stored database. This issue affects FARA: through 5.0.80.34. | ||||