CWE-798 · Use of Hard-coded Credentials

1728 CVEs classified under CWE-798 (Use of Hard-coded Credentials). Browse by severity and year.

Top CVEs for CWE-798
CVESeverityScorePublishedSummary
CVE-2026-45631Critical10.02026-05-29Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-12345…
CVE-2026-42869Critical10.02026-05-11SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded…
CVE-2026-29128Critical10.02026-03-05IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are own…
CVE-2026-22769Critical10.02026-02-17Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthen…
CVE-2025-42890Critical10.02025-11-11SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the pos…
CVE-2025-20309Critical10.02025-07-02A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could…
CVE-2025-4378Critical10.02025-06-24Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentica…
CVE-2025-48748Critical10.02025-05-29Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.
CVE-2025-20188Critical10.02025-05-07A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE So…
CVE-2024-41794Critical10.02025-04-08A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the…
CVE-2024-51551Critical10.02024-12-05Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPE…
CVE-2024-42450Critical10.02024-11-19The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Direct…
CVE-2023-2306Critical10.02023-10-05 Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacke…
CVE-2023-24022Critical10.02023-01-26Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered a…
CVE-2022-45444Critical10.02023-01-18Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the applicati…
CVE-2021-40422Critical10.02022-04-14An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network re…
CVE-2021-40519Critical10.02021-11-10Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
CVE-2021-0248Critical10.02021-04-22This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker t…
CVE-2020-6779Critical10.02021-01-26Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remo…
CVE-2020-1614Critical10.02020-04-08A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to tak…