The product contains hard-coded credentials, such as a password or cryptographic key.
1,712 vulnerabilities with CWE-798
CVE-2025-15105 (LOW, CVSS 3.7): maxun < 0.0.28 - Use of Hard-coded Cryptographic Key via api_key Argument
CVE-2025-68948 (HIGH, CVSS 8.1): SiYuan < 3.5.2 - Session Hijacking via Hardcoded Cryptographic Key
CVE-2025-33222 (CRITICAL, CVSS 9.8): NVIDIA Isaac Launchable - Use of Hard-coded Credentials
CVE-2025-67418 (CRITICAL, CVSS 9.8): ClipBucket 5.3-5.5.2 - Unauthenticated Remote Administrative Access via Hardcoded Credentials
CVE-2025-56157 (CRITICAL, CVSS 9.8): Dify < 1.5.1 - Use of Hard-coded PostgreSQL Credentials in docker-compose.yaml
CVE-2025-7358 (HIGH, CVSS 7.5): SoliClub < 5.3.7 - Authentication Abuse via Hard-coded Credentials
CVE-2025-1029 (HIGH, CVSS 7.5): Utarit SoliClub <5.3.7 - Info Disclosure
CVE-2025-65855 (MEDIUM, CVSS 6.6): Netun Solutions HelpFlash IoT v18_178_221102_ASCII_PRO_1R5_50 - RCE
CVE-2025-14096 (HIGH, CVSS 8.4): Radiometer Products - Info Disclosure
CVE-2025-67809 (MEDIUM, CVSS 4.7): Zimbra Collaboration 10.0-10.1 < 10.1.13 - Hardcoded Flickr API Credentials in Zimlet
CVE-2025-36752 (CRITICAL, CVSS 9.8): Growatt ShineLan-X Firmware 3.6.0.0-3.6.0.1 - Use of Hard-coded Credentials
CVE-2025-36747 (CRITICAL, CVSS 9.8): Growatt ShineLan-X Firmware 3.6.0.0-3.6.0.1 - Use of Hard-coded Credentials in FTP Server
CVE-2025-14611 (CRITICAL, KEV, CVSS 9.8): Gladinet CentreStack & Triofox <16.12.10420.56791 - Code Injection
CVE-2025-54947 (CRITICAL, CVSS 9.8): Apache StreamPark 2.0.0-2.1.7 - Use of Hard-coded Cryptographic Key
CVE-2025-65823 (CRITICAL, CVSS 9.8): Meatmeet Pro WiFi & Bluetooth Meat Thermometer Firmware - Use of Hard-coded Credentials
CVE-2025-13954 (CRITICAL): EZCast Pro II <1.17478.146 - Auth Bypass
CVE-2025-41696 (MEDIUM, CVSS 4.6): Phoenix Contact FL Switch Firmware < 3.50 - Unauthenticated Filesystem Access via UART Port
CVE-2025-40938 (HIGH, CVSS 8.1): SIMATIC CN 4100 < 4.0.1 - Use of Hard-coded Credentials
CVE-2025-14126 (HIGH, CVSS 8.8): TOZED ZLT M30S/ZLT M30S PRO <1.47/3.09.06 - Hard-Coded Credentials
CVE-2025-65730 (HIGH, CVSS 8.8): goaway < 0.62.19 - Authentication Bypass via Hardcoded JWT Secret
CVE-2025-66237 (MEDIUM, CVSS 6.7): DCIM dcTrack - Privilege Escalation
CVE-2025-29268 (CRITICAL, CVSS 9.8): ALLNET ALL-RUT22GW v3.3.8 - Use of Hard-coded Credentials in libicos.so
CVE-2025-64778 (HIGH, CVSS 7.3): mirion biodose/nmis < 23.0 - Use of Hard-coded Credentials
CVE-2025-66454 (MEDIUM, CVSS 6.5): arcade-mcp < 1.5.4 - Unauthenticated Authentication Bypass via Hardcoded Worker Secret
CVE-2025-54341 (MEDIUM, CVSS 5.3): Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Use of Hard-coded Credentials
Details
Vulnerabilities: 1,712
Exploit Likelihood: High