CWE-798

High likelihood

Use of Hard-coded Credentials

Parent: CWE-1391 - Use of Weak Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

1,712 vulnerabilities with CWE-798
CVE-2026-4832 MEDIUM
Schneider Electric Easergy MiCOM P14x <B4A - Info Disclosure
CVE-2026-23781 CRITICAL
BMC Control-M/MFT 9.0.20-9.0.22 - Auth Bypass
CVSS 9.8
CVE-2026-1233 HIGH
Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access
CVSS 7.5
CVE-2026-25601 MEDIUM
Credential Exposure vulnerability in MEPIS RM
CVSS 6.4
CVE-2026-1612 MEDIUM
Hard-coded AWS Key in AL-KO Robolinho Update Software
CVE-2026-4993 LOW
wandb OpenUI config.py hard-coded credentials
CVSS 3.3
CVE-2026-27073 HIGH
WordPress Addi – Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability
CVSS 7.5
CVE-2026-4404 CRITICAL
Use of hard coded credentials in GoHarbor Harbor
CVSS 9.4
CVE-2026-1958 HIGH
Hard-coded passwords in KlinikaXP
CVE-2026-22900 CRITICAL
QuNetSwitch < 2.0.5.0906 - Hard-Coded Credentials
CVSS 9.8
CVE-2026-33072 HIGH
FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
CVSS 8.2
CVE-2026-4475 HIGH
Yi Technology YI Home Camera ipc hard-coded credentials
CVSS 8.8
CVE-2026-30701 CRITICAL
WiFi Extender WDR201A HW V2.1 FW LFMZX28040922V1.02 - Info Disclosure
CVSS 9.1
CVE-2026-28674 HIGH
xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution)
CVSS 7.2
CVE-2026-4219 LOW
INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java hard-coded credentials
CVSS 3.3
CVE-2026-4216 MEDIUM
i-SENS SmartLog App air.SmartLog.android hard-coded credentials
CVSS 5.3
CVE-2026-3873 HIGH
Avantra < 25.3.0 - Use of Hard-coded Credentials
CVSS 7.2
CVE-2026-32138 HIGH
NEXULEAN < 2.0.0 - Unauthenticated API Key Exposure
CVSS 8.2
CVE-2026-28255 CRITICAL
Trane Tracer SC/SC+/Concierge - Auth Bypass
CVSS 9.8
CVE-2026-24448 CRITICAL
MR-GM5L-S1 & MR-GM5A-L1 - Auth Bypass
CVSS 9.8
CVE-2026-29023 HIGH
Keygraph Shannon < 023cc95 - Unauthenticated API Access via Hard-coded Router API Key
CVSS 7.3
CVE-2026-29128 CRITICAL
IDC SFX2100 Firmware - Info Disclosure
CVSS 10.0
CVE-2026-29120 HIGH
International Datacasting Corporation SFX2100 Firmware - Local Privilege Escalation via Hardcoded Root Password
CVSS 7.8
CVE-2026-29119 CRITICAL
IDC SFX Series SuperFlex(SFX2100) - Auth Bypass
CVSS 9.8
CVE-2026-28778 CRITICAL
International Datacasting Corporation SFX Series SuperFlex Satellite Receiver - Use of Hard-coded Credentials
CVSS 9.8
Details
Vulnerabilities 1,712
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits