Total
1559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37287 | 1 Smartsoft | 1 Smartbpm.net | 2024-11-21 | 9.1 Critical |
| SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes. | ||||
| CVE-2023-37286 | 1 Smartsoft | 1 Smartbpm.net | 2024-11-21 | 9.8 Critical |
| SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service. | ||||
| CVE-2023-37215 | 1 Jbl | 2 Jbl Bar 5.1 Surround, Jbl Bar 5.1 Surround Firmware | 2024-11-21 | 6.2 Medium |
| JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2023-36817 | 2 Kingstemple, Tktchurch | 2 The King\'s Temple Church Website, Website | 2024-11-21 | 7.5 High |
| `tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | ||||
| CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2024-11-21 | 7.2 High |
| Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | ||||
| CVE-2023-35987 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 9.8 Critical |
| PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | ||||
| CVE-2023-35763 | 1 Iagona | 1 Scrutisweb | 2024-11-21 | 5.5 Medium |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | ||||
| CVE-2023-34123 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 7.5 High |
| Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-33836 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | ||||
| CVE-2023-33744 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | 9.8 Critical |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | ||||
| CVE-2023-33413 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | 8.8 High |
| The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2023-33372 | 1 Connectedio | 1 Connected Io | 2024-11-21 | 9.8 Critical |
| Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | ||||
| CVE-2023-33371 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 9.8 Critical |
| Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | ||||
| CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.4 Medium |
| A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | ||||
| CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
| Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2023-32227 | 1 Synel | 2 Synergy\/a, Synergy\/a Firmware | 2024-11-21 | 9.8 Critical |
| Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2023-32077 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 7.5 High |
| Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. | ||||
| CVE-2023-31808 | 1 Technicolor | 2 Tg670, Tg670 Firmware | 2024-11-21 | 7.2 High |
| Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | ||||
| CVE-2023-31581 | 1 Dromara | 1 Sureness | 2024-11-21 | 9.8 Critical |
| Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | ||||
| CVE-2023-31579 | 1 Tangyh | 1 Lamp-cloud | 2024-11-21 | 9.8 Critical |
| Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | ||||