The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Conf…

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability…

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has bee…

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML s…

Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and d…

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Mana…

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execut…

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S…

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses har…

Use of a static key to protect a JWT token used in user authentication can allow an for an auth…

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password …

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director,…

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. A…

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded…

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LD…

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote …

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks accou…

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to a…

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager …

The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout …

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for t…

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt th…

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for t…

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to valid…

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code beca…

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user ac…

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.…

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup …

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private…

The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding ac…

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcode…

An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESC…

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting versi…

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /gofor…

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcode…

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through …

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may all…

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassin…

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, r…