CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 9:47 p.m.•9 views

CVE-2022-45291

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

7.2CVSS8.1AI score0.01326EPSS

RedhatCVE•added 2025/05/22 9:46 p.m.•6 views

CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

9.1CVSS7.5AI score0.01197EPSS

RedhatCVE•added 2025/05/22 9:45 p.m.•5 views

CVE-2022-47036

Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware,...

9.8CVSS7.2AI score0.00519EPSS

RedhatCVE•added 2025/05/22 9:22 p.m.•7 views

CVE-2021-41320

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded it can be changed during installation or at any later time...

5.5CVSS7.1AI score0.00227EPSS

RedhatCVE•added 2025/05/22 9:12 p.m.•6 views

CVE-2021-27144

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded fi!b@er$h%o^mesuperadmin / sfuh+g|u credentials for an ISP...

9.8CVSS7.2AI score0.21943EPSS

RedhatCVE•added 2025/05/22 9:10 p.m.•4 views

CVE-2021-27145

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP...

9.8CVSS7.2AI score0.23633EPSS

RedhatCVE•added 2025/05/22 9:10 p.m.•6 views

CVE-2021-27154

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP...

9.8CVSS7.2AI score0.2049EPSS

RedhatCVE•added 2025/05/22 9:10 p.m.•7 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5CVSS6.9AI score0.0208EPSS

RedhatCVE•added 2025/05/22 9:9 p.m.•13 views

CVE-2021-45732

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools,...

8.8CVSS6.8AI score0.00779EPSS

RedhatCVE•added 2025/05/22 9:0 p.m.•3 views

CVE-2021-20170

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password...

8.8CVSS7AI score0.005EPSS

RedhatCVE•added 2025/05/22 8:59 p.m.•4 views

CVE-2021-20155

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678"...

9.8CVSS7.1AI score0.01899EPSS

RedhatCVE•added 2025/05/22 8:54 p.m.•3 views

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

9.8CVSS7.4AI score0.01439EPSS

RedhatCVE•added 2025/05/22 8:43 p.m.•6 views

CVE-2021-39245

Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...

7.5CVSS7.1AI score0.01346EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 7:30 p.m.•6 views

CVE-2021-27153

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP...

9.8CVSS7.2AI score0.2049EPSS

RedhatCVE•added 2025/05/22 7:30 p.m.•4 views

CVE-2021-27172

An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh...

9.8CVSS7.3AI score0.19844EPSS

RedhatCVE•added 2025/05/22 7:30 p.m.•12 views

CVE-2021-27162

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP...

9.8CVSS7.1AI score0.26847EPSS

RedhatCVE•added 2025/05/22 7:29 p.m.•6 views

CVE-2021-27163

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP...

9.8CVSS7.2AI score0.23633EPSS

RedhatCVE•added 2025/05/22 6:53 p.m.•15 views

CVE-2021-45521

Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10...

7.4CVSS6.9AI score0.00363EPSS

RedhatCVE•added 2025/05/22 6:48 p.m.•8 views

CVE-2021-42371

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

9.8CVSS7AI score0.01508EPSS