CWE-259 · Use of Hard-coded Password

194 CVEs classified under CWE-259 (Use of Hard-coded Password). Browse by severity and year.

Top CVEs for CWE-259
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-32741 | Critical | 10.0 | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged… |
| CVE-2022-45444 | Critical | 10.0 | 2023-01-18 | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the applicati… |
| CVE-2025-20286 | Critical | 9.9 | 2025-06-04 | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE)… |
| CVE-2026-35905 | Critical | 9.8 | 2026-06-04 | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadm… |
| CVE-2026-7251 | Critical | 9.8 | 2026-05-26 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with r… |
| CVE-2025-59388 | Critical | 9.8 | 2026-03-12 | A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain un… |
| CVE-2025-70041 | Critical | 9.8 | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| CVE-2026-25753 | Critical | 9.8 | 2026-02-06 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password fo… |
| CVE-2025-15111 | Critical | 9.8 | 2025-12-30 | Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access… |
| CVE-2025-11126 | Critical | 9.8 | 2025-09-29 | A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation… |
| CVE-2025-8730 | Critical | 9.8 | 2025-08-08 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the… |
| CVE-2025-30115 | Critical | 9.8 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("q… |
| CVE-2025-27638 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. |
| CVE-2025-1100 | Critical | 9.8 | 2025-02-12 | A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to… |
| CVE-2024-4996 | Critical | 9.8 | 2024-12-18 | Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data… |
| CVE-2024-25825 | Critical | 9.8 | 2024-10-09 | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved… |
| CVE-2024-43423 | Critical | 9.8 | 2024-09-25 | The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. |
| CVE-2023-37231 | Critical | 9.8 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. |
| CVE-2024-42639 | Critical | 9.8 | 2024-08-16 | H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-41616 | Critical | 9.8 | 2024-08-06 | D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. |