CWE-259 · Use of Hard-coded Password
194 CVEs classified under CWE-259 (Use of Hard-coded Password). Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-32741 | Critical | 10.0 | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged… |
| CVE-2022-45444 | Critical | 10.0 | 2023-01-18 | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the applicati… |
| CVE-2025-20286 | Critical | 9.9 | 2025-06-04 | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE)… |
| CVE-2026-35905 | Critical | 9.8 | 2026-06-04 | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadm… |
| CVE-2026-7251 | Critical | 9.8 | 2026-05-26 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with r… |
| CVE-2025-59388 | Critical | 9.8 | 2026-03-12 | A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain un… |
| CVE-2025-70041 | Critical | 9.8 | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| CVE-2026-25753 | Critical | 9.8 | 2026-02-06 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password fo… |
| CVE-2025-15111 | Critical | 9.8 | 2025-12-30 | Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access… |
| CVE-2025-11126 | Critical | 9.8 | 2025-09-29 | A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation… |
| CVE-2025-8730 | Critical | 9.8 | 2025-08-08 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the… |
| CVE-2025-30115 | Critical | 9.8 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("q… |
| CVE-2025-27638 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. |
| CVE-2025-1100 | Critical | 9.8 | 2025-02-12 | A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to… |
| CVE-2024-4996 | Critical | 9.8 | 2024-12-18 | Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data… |
| CVE-2024-25825 | Critical | 9.8 | 2024-10-09 | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved… |
| CVE-2024-43423 | Critical | 9.8 | 2024-09-25 | The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. |
| CVE-2023-37231 | Critical | 9.8 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. |
| CVE-2024-42639 | Critical | 9.8 | 2024-08-16 | H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-41616 | Critical | 9.8 | 2024-08-06 | D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. |