CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3038 matches found

Prion•added 2023/11/28 9:15 p.m.•16 views

Hardcoded credentials

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...

4.6CVSS6.8AI score0.00274EPSS

Exploits0References1Affected Software1

VulnCheck KEV•added 2023/11/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-8226

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

9.8CVSS7.3AI score0.03766EPSS

Exploits1References1

Prion•added 2023/11/27 12:15 p.m.•14 views

Hardcoded credentials

A flaw was found in libnbd, due to a malicious Network Block Device NBD, a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service...

5CVSS6.8AI score0.00922EPSS

Exploits0References3Affected Software2

Prion•added 2023/11/22 5:15 p.m.•33 views

Hardcoded credentials

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...

6.5CVSS7.3AI score0.00784EPSS

Exploits1References1Affected Software1

Prion•added 2023/11/16 6:15 p.m.•14 views

Hardcoded credentials

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...

5CVSS7.1AI score0.00371EPSS

Exploits0References1Affected Software1

Prion•added 2023/11/14 7:15 p.m.•16 views

Hardcoded credentials

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...

1.7CVSS7.1AI score0.00195EPSS

Exploits0References1Affected Software2

Prion•added 2023/11/14 11:15 a.m.•25 views

Hardcoded credentials

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

3.3CVSS5.7AI score0.00688EPSS

Exploits0References4Affected Software71

Packet Storm•added 2023/11/13 12:0 a.m.•310 views

EnBw SENEC Legacy Storage Box Hardcoded Credentials

Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...

7AI score0.00963EPSS

Exploits5

Prion•added 2023/11/09 11:15 p.m.•11 views

Hardcoded credentials

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

5CVSS7AI score0.00539EPSS

Exploits0References1Affected Software1

Prion•added 2023/11/02 10:15 p.m.•52 views

Hardcoded credentials

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

7.5CVSS9.2AI score0.00681EPSS

Exploits0References2Affected Software1