CWE-798 · Use of Hard-coded Credentials
1728 CVEs classified under CWE-798 (Use of Hard-coded Credentials). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45631 | Critical | 10.0 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-12345… |
CVE-2026-42869 | Critical | 10.0 | 2026-05-11 | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded… |
CVE-2026-29128 | Critical | 10.0 | 2026-03-05 | IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are own… |
CVE-2026-22769 | Critical | 10.0 | 2026-02-17 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthen… |
CVE-2025-42890 | Critical | 10.0 | 2025-11-11 | SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the pos… |
CVE-2025-20309 | Critical | 10.0 | 2025-07-02 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could… |
CVE-2025-4378 | Critical | 10.0 | 2025-06-24 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentica… |
CVE-2025-48748 | Critical | 10.0 | 2025-05-29 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. |
CVE-2025-20188 | Critical | 10.0 | 2025-05-07 | A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE So… |
CVE-2024-41794 | Critical | 10.0 | 2025-04-08 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the… |
CVE-2024-51551 | Critical | 10.0 | 2024-12-05 | Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPE… |
CVE-2024-42450 | Critical | 10.0 | 2024-11-19 | The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Direct… |
CVE-2023-2306 | Critical | 10.0 | 2023-10-05 | Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacke… |
CVE-2023-24022 | Critical | 10.0 | 2023-01-26 | Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered a… |
CVE-2022-45444 | Critical | 10.0 | 2023-01-18 | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the applicati… |
CVE-2021-40422 | Critical | 10.0 | 2022-04-14 | An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network re… |
CVE-2021-40519 | Critical | 10.0 | 2021-11-10 | Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. |
CVE-2021-0248 | Critical | 10.0 | 2021-04-22 | This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker t… |
CVE-2020-6779 | Critical | 10.0 | 2021-01-26 | Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remo… |
CVE-2020-1614 | Critical | 10.0 | 2020-04-08 | A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to tak… |