CWE-798 | Follow the latest news from the world of technology and security-related developments.

Category: CWE-798 - CVE list
CWE 227 records
High CVSS: 7.1

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.
Critical CVSS: 9.1

CVE-2025-54455

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0.
Critical CVSS: 9.1

CVE-2025-54454

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0.
High CVSS: 7.5

CVE-2025-4130

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025.
Medium CVSS: 6.9

CVE-2025-4570

An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for MyASUS' section on the A…
High CVSS: 7.7

CVE-2025-4569

An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for MyASUS' section on the A…
High CVSS: 8.6

CVE-2025-4049

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database. This issue affects FARA: through 5.0.80.34.
Medium CVSS: 6.9

CVE-2025-6982

Use of Hard-coded Credentials in TP-Link Archer C50 V3(
Medium CVSS: 5.1

CVE-2025-53754

This vulnerability exists in Digisol DG-GR6821AC Router due to hard-coded Root Access Credentials in system configuration of the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware a…
Medium CVSS: 6.8

CVE-2025-53842

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials.…
Medium CVSS: 6.8

CVE-2025-52363

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining…
Medium CVSS: 5.7

CVE-2024-38648

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
Critical CVSS: 10.0

CVE-2025-7503

An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the…
Critical CVSS: 9.8

CVE-2025-7401

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versio…
High CVSS: 7.1

CVE-2025-5023

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the…
High CVSS: 8.8

CVE-2025-49551

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized access to s…
Critical CVSS: 9.8

CVE-2025-37103

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative…
High CVSS: 7.5

CVE-2025-52492

A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract th…
Critical CVSS: 9.8

CVE-2025-45813

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.
Critical CVSS: 10.0

CVE-2025-20309

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using…