CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 11 hours ago•3 views

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score

Nuclei•added yesterday•90 views

Viessmann Vitogate 300 - Hardcoded Password

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha severity: critical description: | A critica...

9.8CVSS6.7AI score0.90238EPSS

Exploits4References3

NVD•added 6 days ago•7 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS0.00059EPSS

Cvelist•added 6 days ago•23 views

CVE-2026-24444 SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php

9.8CVSS0.00059EPSS

CVE•added 6 days ago•10 views

CVE-2026-24444

CVE-2026-24444 concerns SDMC NE6037 cable modem routers with firmware 7.1.6.0.25 and 7.1.6.1.9_B9. A hardcoded password in the web management interface recovery endpoints (mgmt.php, npcmd.php) allows unauthenticated users to submit the credential via HTTP and gain root access. This enables enabli...

EUVD•added 6 days ago•3 views

EUVD-2026-32928

ATTACKERKB•added 6 days ago•6 views

CVE-2026-24444

Exploits0References3Affected Software1

Vulnrichment•added 6 days ago•4 views

CVE-2026-24444 SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php

Positive Technologies•added 6 days ago•7 views

PT-2026-44402

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9 B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

Patchstack•added 2026/04/07 6:37 a.m.•3 views

Exploits0References3

WordPress Text to Speech (TTS) by Mementor plugin <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access vulnerability

Use of Hardcoded Password to Unauthenticated Remote Database Access vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Text to Speech – TTSWP versions = 1.9.8...

7.5CVSS5.9AI score0.00024EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/31 4:59 a.m.•4 views

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

EUVD•added 2026/03/30 12:31 a.m.•4 views

EUVD-2025-209116

NVD•added 2026/03/30 12:16 a.m.•3 views

CVE-2025-7741

2.1CVSS0.00023EPSS

ATTACKERKB•added 2026/03/30 12:1 a.m.•1 views

CVE-2025-7741

CVE•added 2026/03/30 12:1 a.m.•7 views

CVE-2025-7741

The CVE-2025-7741 entry concerns a hardcoded password issue in CENTUM VP systems. A hardcoded PROG user password (CENTUM Authentication Mode) exists in CENTUM VP releases R5.01.00–R5.04.20, R6.01.00–R6.12.00, and R7.01.00. Exploitation requires local access: an attacker must obtain the hardcoded ...

Vulnrichment•added 2026/03/30 12:1 a.m.•4 views

CVE-2025-7741